My Hjt Log, Please Review.

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

My Hjt Log, Please Review., running slow and freezing up!

Options

Daisydux View Member Profile	Oct 31 2005, 07:34 PM Post #1
New Member Group: Members Posts: 2 Joined: 31-October 05 Member No.: 39,180	Hello,would like someone to tell me what needs to go......p.c is freezing up and alot of partypoker adds everywhere?? I ran ccleaner,spybot ,ad-aware and trend micro-found and deleted TVmedia.Dr and Zapchast.J . but still having same problems. Thank you very much, Daisydux my log Logfile of HijackThis v1.99.1 Scan saved at 7:18:59 PM, on 10/31/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Yahoo!\Messenger\YPager.exe C:\WINDOWS\ctfmon.exe C:\HijackThis\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080 O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://chat.msn.com O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.3.35/aces...s-ob-assets.cab O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.3.35/bin...e-ob-assets.cab O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.31/soli...2-ob-assets.cab O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.34/supe...o-ob-assets.cab O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.34/harv...t-ob-assets.cab O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hea...s-ob-assets.cab O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool...l-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.3.35/gin/gin-ob-assets.cab O16 - DPF: LearnKey LTF Applet - file://C:\WINDOWS\system32\lktest.cab O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.3.35...l-ob-assets.cab O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.37...d-ob-assets.cab O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/popp...2-ob-assets.cab O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.4.31/popp...t-ob-assets.cab O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.3.35...h-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/w...g-ob-assets.cab O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.3.35/worl...s-ob-assets.cab O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...19/SLCmpser.cab O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://fun.gamesville.lycos.com/blockdot/popcaploader_v6.cab O16 - DPF: {FE92CB1A-9719-4206-8E7D-BFD4C0169A25} (XClient Class) - http://chat.cuteandsingle.com/downloads-cgi-bin/achat.cab O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Mat2 View Member Profile	Nov 3 2005, 12:05 PM Post #2
Malware Fighter Group: HJT Team Posts: 374 Joined: 25-September 05 From: Derbyshire, UK Member No.: 35,156	Welcome to the forum. I am checking your log now and will return as soon as I have researched all the items. While we are working together, please .... Reply to this thread. Do not start a new topic. If you are unsure of what to do, stop and ask! Don't keep going on. Be patient. HijackThis logs take some time to research. Please note the following: I will be working on your Malware issues: This may or may not, solve other issues you may have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.) The process may take considerable time. -------------------- Mat2

Mat2 View Member Profile	Nov 3 2005, 01:40 PM Post #3
Malware Fighter Group: HJT Team Posts: 374 Joined: 25-September 05 From: Derbyshire, UK Member No.: 35,156	Hi You may want to print out these instructions or save them as a text file with Notepad to your desktop for easy reference. Read this instructions carefully and feel free to ask if you're unsure about something ==================== You will need to unhinde some system files as follow: Click Start Open My Computer Select the Tools menu and click Folder Options Select the View Tab Under the Hidden files and folders heading select Show hidden files and folders Uncheck the Hide protected operating system files (recommended) option Click Yes to confirm Click OK ==================== We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make. Open Microsoft AntiSpyware. Click on Options, Settings. In the left pane, click on Real-time Protection. Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended). Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended). After you uncheck these, click on the Save button and close Microsoft AntiSpyware. Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware. ================= Please download Ewido Security Suite, it is a free version of the program. Install ewido security suite When installing the program, under "Additonal Options" uncheck... Install background guard Install scan via context menu Launch ewido, there should now be an icon on your desktop, double-click it. The program will now open to the main screen. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. You will need to update ewido to the latest definition files: On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful") Close Ewido Security Suite If you are having problems with the updater, you can use this link to manually update ewido. Ewido manual updates Once the updates are installed, do the following: Reboot computer into "Safe Mode" using the "F8" method... As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears Use the arrow keys to select the Safe Mode menu item Once in Safe Mode start Ewido Security Suite Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning) Click on Complete System Scan, the scan will now begin. While the scan is in progress you will be promted to clean files, click OK. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report. Click Save Report. Now save the report .txt file to your desktop. Close Ewido Security Suite =============== Run HiJackThis then: 1. Click "*Config..." 2. Click "Misc Tools" 3. Click "Open Process manager" Next, while holding down the CTRL* key, locate (if present) and click on (highlight) each of the following: C:\WINDOWS\ctfmon.exe Now double-check and make sure that only those item(s) above are highlighted, then click "*Kill process". Now, click "Refresh", check again, and repeat this step if any remain. =============== Run HiJackThis* and click "*Scan", then check(tick) the following, if present: O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe* O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll Now, with all windows closed except HiJackThis, click "*Fix checked". =============== Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: files...* C:\WINDOWS\ctfmon.exe Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". =============== Post back a new log & Ewido log, and let me know how everything goes. -------------------- Mat2

Daisydux View Member Profile	Nov 4 2005, 06:38 PM Post #4
New Member Group: Members Posts: 2 Joined: 31-October 05 Member No.: 39,180	hello again, That seems to have fixed it! My p.c is running much better and the sites I visit are running normal again. Thank you very much for all your help. Here are my knew logs,please inform me if anything else needs to go. Logfile of HijackThis v1.99.1 Scan saved at 6:27:39 PM, on 11/4/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\Nhksrv.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HijackThis\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080 O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://chat.msn.com O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.3.35/aces...s-ob-assets.cab O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.3.35/bin...e-ob-assets.cab O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.31/soli...2-ob-assets.cab O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.34/supe...o-ob-assets.cab O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.34/harv...t-ob-assets.cab O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hea...s-ob-assets.cab O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool...l-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.3.35/gin/gin-ob-assets.cab O16 - DPF: LearnKey LTF Applet - file://C:\WINDOWS\system32\lktest.cab O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.3.35...l-ob-assets.cab O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.37...d-ob-assets.cab O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/popp...2-ob-assets.cab O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.4.31/popp...t-ob-assets.cab O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.3.35...h-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/w...g-ob-assets.cab O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.3.35/worl...s-ob-assets.cab O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...19/SLCmpser.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://fun.gamesville.lycos.com/blockdot/popcaploader_v6.cab O16 - DPF: {FE92CB1A-9719-4206-8E7D-BFD4C0169A25} (XClient Class) - http://chat.cuteandsingle.com/downloads-cgi-bin/achat.cab O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe and Ewido, I CANT BELIEVE ALL IT FOUND AND DELETED! --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 5:24:22 AM, 11/4/2005 + Report-Checksum: 4273948 + Scan result: HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{1A8BBF6D-E27B-4E5D-8FA6-B2C56B2B3B86} -> Spyware.iLookup : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\Forward\\ -> Spyware.SecondThought : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{D309267C-4699-4E70-B09E-B50B674493FA} -> Spyware.iLookup : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{D65377CD-5BA2-4108-B670-D2565DE0FB69} -> Spyware.iLookup : Cleaned with backup HKLM\SOFTWARE\Classes\OpenSite.CBrowserHelper\Clsid\\ -> Spyware.OpenSite : Cleaned with backup HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid\\ -> Spyware.AdDestroyer : Cleaned with backup HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/aj8sml3fo_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/aj8sml3fo_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BM.dll\\.Owner -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BM.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/BM.dll\\.Owner -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/BM.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lcp4q80t9_.dll\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lcp4q80t9_.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader4.ocx\\.Owner -> Spyware.Crazywinnings : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader4.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl4000.dll\\.Owner -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl4000.dll\\{C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WEBInstaller.dll\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WEBInstaller.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/websetup.ini\\.Owner -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/websetup.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ASYCFILT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/bmeb.dll\\.Owner -> Spyware.i-Lookup : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/bmeb.dll\\{D35A69A7-7A34-4C67-814A-3F508C0BF371} -> Spyware.i-Lookup : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/COMCAT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mmview_ic.dll\\.Owner -> Spyware.FavoriteMan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mmview_ic.dll\\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/MSINET.OCX\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvbvm60.dll\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/objsafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/objsafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEAUT32.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEPRO32.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEPRO32.DLL\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/STDOLE2.TLB\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb -> Spyware.iLookup : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\assoc2 -> Spyware.iLookup : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\kws -> Spyware.iLookup : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\sit -> Spyware.iLookup : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\size -> Spyware.iLookup : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Bundles -> Spyware.SecondThought : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -> Spyware.PeopleOnPage : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02FFC86E-283E-4FAA-95D6-ADDCA024F30A} -> Spyware.180Solutions : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{269B6797-664E-48AA-B283-B012BDF6E525} -> Spyware.eUniverse : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30A56549-9D5B-4D34-AFA7-440A7F0538A9} -> Spyware.OpenSite : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} -> Spyware.MegaSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Cleaned with backup HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@ehg-buyseasons.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\Amanda\Cookies\amanda@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@a.tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\1D89MB0D\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\Howard\Cookies\howard@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Howard\Cookies\howard@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Howard\Cookies\howard@cbs.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Howard\Cookies\howard@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Kelly Sue.KELLY\Local Settings\Temp\winlogon.exe -> TrojanSpy.VB.fc : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Sara\Cookies\sara@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/WINDOWS/NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdot~1/newdotnet6_38.dll -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted_x -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdot~1/newdotnet6_38.to_be_deleted -> Spyware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.VirtualBouncer : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> Spyware.Cookie.Cj : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Revenue : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Com : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Euniverseads : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrojanDownloader.Rameh.c : Cleaned with backup C:\RECYCLER\S-1-5-21-1180395095-4025279379-689279713-1006\Dc3\backups\backup-20041030-133712-796.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP335\A0043290.exe -> Spyware.Monker : Cleaned with backup C:\WINDOWS\bundles\vl_ezstub.exe -> Adware.eZula : Cleaned with backup C:\WINDOWS\ctfmon.exe -> Spyware.Monker : Cleaned with backup C:\WINDOWS\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\BM.dll -> TrojanDownloader.Lookme.j : Cleaned with backup C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup C:\WINDOWS\SYSTEM\UpdInstall.exe -> Spyware.VX2 : Cleaned with backup C:\WINDOWS\SYSTEM32\carules.dll -> Spyware.Coupon : Cleaned with backup C:\WINDOWS\SYSTEM32\IfMegaWbr.dll -> TrojanDropper.Small.xm : Cleaned with backup C:\WINDOWS\SYSTEM32\in10thinInstall11s.dll -> TrojanDropper.Small.op : Cleaned with backup C:\WINDOWS\SYSTEM32\MyDailyHoroscope17307.dll -> TrojanDropper.Small.nj : Cleaned with backup C:\WINDOWS\SYSTEM32\ntsfrf.exe -> Spyware.Adstart : Cleaned with backup C:\WINDOWS\SYSTEM32\svc.dll -> TrojanDropper.Miewer.a : Cleaned with backup C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup ::Report End

Mat2 View Member Profile	Nov 5 2005, 04:24 AM Post #5
Malware Fighter Group: HJT Team Posts: 374 Joined: 25-September 05 From: Derbyshire, UK Member No.: 35,156	Hi, thanks for the logs. Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06. Download Ad-Aware SE Personal 1.06: Download Ad-Aware SE Personal. Save aawsepersonal.exe to a convenient location (eg. the Desktop). Install Ad-Aware SE Personal Double-click on aawsepersonal.exe to install the program. Follow the default settings for installation. After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes. Update Ad-Aware SE Personal Double-click the Ad-Aware SE Personal icon on your Desktop. Click "Check for updates now" then click "Connect". It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish". Configure Ad-Aware SE Personal Click on the Gear button at the top of the window. Click "General" on the left hand side to display the General Settings box. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Automatically save logfile" "Automatically quarantine objects prior to removal" "Safe Mode (always request confirmation)" "Prompt to update outdated definitions" - change to 7 days from the default 14. Click "Scanning" on the left hand side to display the Scan Settings box. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Scan within archives" "Select drives & folders to scan" - select your hard drive(s). "Scan active processes" "Scan registry" "Deep-scan registry" "Scan my IE favorites for banned URLs" "Scan my Hosts file" Click "Advanced" on the left hand side to display the Advanced Settings box. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Move deleted files to Recycle Bin" "Include additional object information" "Include negligible objects information" "Include environment information" Click "Defaults" on the left hand side to display the Default Settings box. Make sure the following items have your preferred settings in them.: "Default homepage" "Default searchpage" Click "Tweak" on the left hand side to display the Tweak Settings box. Click the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Include basic Ad-Aware settings in log file" "Include additional Ad-Aware settings in log file" "Include reference summary in log file" "Include alternate data stream details in log file" Click the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Unload recognized processes & modules during scan" "Scan registry for all users instead of current user only" "Obtain command line of scanned processes" Click the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark: "Always try to unload modules before deletion" "During removal, unload Explorer and IE if necessary" "Let Windows remove files in use at next reboot" "Delete quarantined objects after restoring" Once you are done with these settings, click "Proceed" to save them. This will take you back to the main screen. Run Ad-Aware SE Personal Click the "Start" button. Uncheck the "Search for negligible risk entries" entry. Choose the "Use custom scanning options" scan mode. Click the "Next" button. Ad-Aware will begin to scan for malware residing on your computer. Allow the scan to finish. Right-click on any entry in the list and click "Select All" to select the whole list. Click "Next" and choose "OK" at the prompt to quarantine and remove the objects. Next Download CCleaner from here to clean temp files from your computer. Double click on the file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Click Install then finish to complete installation. Double click the CCleaner shortcut on the desktop to start the program. On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit). If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla. Click Run Cleaner to run the program. Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. After CCleaner has completed its process, click Exit. Next First is download Spybot S & D available from here. 1. Downloaded and Install Spybot S&D, accepting the Default Settings 2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it. 3. Close ALL windows except Spybot S&D 4. Click the button to ‘Search for Updates’ then download and install the Updates. 5. Next click the button ‘Check for Problems' 6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window 7. Make certain there is a check mark beside all of the RED entries ONLY. 8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries. 9. REBOOT to complete the scan and clear memory. After you have restarted windows you will need to do another Ewido scan. Once it has done can you post the log from it back here. Also can you tell me if adaware and spybot find anything. -------------------- Mat2

Mat2 View Member Profile	Nov 23 2005, 12:13 PM Post #6
Malware Fighter Group: HJT Team Posts: 374 Joined: 25-September 05 From: Derbyshire, UK Member No.: 35,156	Hi I am contacting you to see if you still require the help, as i have not heard anything from you. If you do still need help, please can you Copy/Paste a new HJT Log, back here in this thread. Do Not Start a New Topic Regards -------------------- Mat2

Mat2 View Member Profile	Dec 12 2005, 06:09 PM Post #7
Malware Fighter Group: HJT Team Posts: 374 Joined: 25-September 05 From: Derbyshire, UK Member No.: 35,156	Due lack of response from the poster, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Mat2

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 05:44 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides