Please help me http://69.28.210.175/media/1


  • This topic is locked
8 replies to this topic

#1 helpmepleaseany1

Posted 07 August 2005 - 04:03 PM

I am getting irritating popups of this website http://69.28.210.175/media/1.

This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:56 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\paalnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hambmxpeswurshdqpfapkqiy.us/hbj...hUWg3EJzx0.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hgtv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E226C0A-00E1-AF24-7ED2-126CE8E446DC} - C:\Program Files\cdmweb\qwnftctnhk.dll (file missing)
O2 - BHO: (no name) - {10DBF2E9-C253-6026-9247-35A287A36628} - C:\DOCUME~1\Owner\APPLIC~1\16INTE~1\Rdrcash.exe
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\SCARIN~2.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\sachook.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\Owner\LOCALS~1\Temp\tnofva.dat (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CATLEvents Object - {DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\mocrc.dat (file missing)
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Configuration Loaded] wupdated.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [W3KNetwork] RunDll32.exe w3knet.dll,DLLInitRun
O4 - HKLM\..\Run: [svrc] C:\WINDOWS\repair\svrc.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [*svrc] C:\WINDOWS\repair\svrc.exe
O4 - HKLM\..\Run: [*dnsad] C:\WINDOWS\Fonts\dnsad.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\Packages\winmfc.exe
O4 - HKLM\..\Run: [SScanner] C:\DOCUME~1\Owner\LOCALS~1\Temp\realscannerm.exe
O4 - HKLM\..\Run: [*ckb] C:\WINDOWS\repair\ckb.exe
O4 - HKLM\..\Run: [*drvimg] C:\WINDOWS\AppPatch\drvimg.exe
O4 - HKLM\..\Run: [*tcpxml] C:\WINDOWS\AppPatch\tcpxml.exe
O4 - HKLM\..\Run: [*imgcom] C:\WINDOWS\Fonts\imgcom.exe
O4 - HKLM\..\Run: [cip] C:\WINDOWS\Fonts\atari-kids.ttf\cip.exe
O4 - HKLM\..\Run: [*avanti] C:\WINDOWS\Cursors\avanti.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Meta Rule Memo Web] C:\Documents and Settings\All Users\Application Data\ForkAtomMetaRule\Defy acid.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\paalnp.exe reg_run
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AutoLoader20va1bTXaYPL] "C:\WINDOWS\system32\offlhelp.exe"
O4 - HKLM\..\Run: [274Q3nO] offlhelp.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\RunServices: [Configuration Loaded] wupdated.exe
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\VcCleanUp.exe /F C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KasparovChessmate.exe] C:\DOWNLO~1\KASPAR~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skipsoftware] C:\DOCUME~1\Owner\APPLIC~1\SPAMKE~1\longglobaltime.exe
O4 - HKCU\..\Run: [Jwv4Rhi3l] oddinst.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\websearch\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/mp3.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_mp3.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www2.skoobidoo.com/softwares//Download_2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3429F5FE-C21A-4C2B-9033-820A316A46B1}: NameServer = 209.244.0.3 209.244.0.4
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe



Please help me anyone


#2 miekiemoes

Posted 07 August 2005 - 05:58 PM

Hello,

You had/have some nasty infections here, but it seems like most of it is already gone. However, we'll see afterwards.

It's better to print out the next instructions or save them in Notepad, because you also have to work in Safe Mode without networking support, so this page wouldn't be available then.
It is also important that you don't miss a step and perform everything in the right order!
I'm asking you this for a reason!

Your log shows signs of a Vundo trojan infection. This infection is difficult to remove manually but fortunately, Symantec has developed a fix for it.

* Download FixVundo.
* Save FixVundo.exe to a convenient location, such as your desktop.
* Close any programs that you may have open.
* If you are connected to a network and/or a full-time Internet connection, please disconnect your computer now. Failure to do so might prevent the fix from working.
* Double-click FixVundo.exe to start the Vundo removal tool.
* Click "Start" to begin the removal process. Remember not to have any programs open.
* It will scan your computer for signs of Vundo. Depending on the amount of files you have, it might take a long time.
* Restart your computer.
* Run the tool with the same instructions to make sure Vundo has been eliminated.
* You can reconnect your computer to the network and/or full-time internet connection.
* Restart your computer once more.

Then..

You probably have messengerplus installed with sponsors. So, I advise you to uninstall messengerplus first. If you really like the program and think it's very useful, you can install it again AFTER your system is clean again. Please make sure you install it without the sponsors. (They'll ask you at the beginning of the install.)

During the uninstall you will get a little window as in the example here: http://www.msgplus.net/images/sponsor_uninstall.jpg
If you can't find that window, look in your taskbar. Type the code you'll see in that window and click uninstall.

Also uninstall the following if still present:

180searchassistant
WinFixer 2005
Need2Find
InstaFinderK
WildTangent
SideFind
Altnet


I also suggest you uninstall Flashget, because it brings spyware with it!!

When finished, reboot your system.

* Download and install CCleaner
Do not use it yet.

Please download LSPfix and save it to the Desktop and unzip it.

* Run LSPfix and place a check against the I know what I am doing checkbox.

Highlight every instance of osmim.dll and move it from the Keep to the Remove panel. Be sure to move nothing other than osmim.dll!

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hambmxpeswurshdqpfapkqiy.us/hbj...hUWg3EJzx0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {0E226C0A-00E1-AF24-7ED2-126CE8E446DC} - C:\Program Files\cdmweb\qwnftctnhk.dll (file missing)
O2 - BHO: (no name) - {10DBF2E9-C253-6026-9247-35A287A36628} - C:\DOCUME~1\Owner\APPLIC~1\16INTE~1\Rdrcash.exe
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\SCARIN~2.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\sachook.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\Owner\LOCALS~1\Temp\tnofva.dat (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: CATLEvents Object - {DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\mocrc.dat (file missing)
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\crvs.dat (file missing)
O4 - HKLM\..\Run: [Configuration Loaded] wupdated.exe
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [W3KNetwork] RunDll32.exe w3knet.dll,DLLInitRun
O4 - HKLM\..\Run: [svrc] C:\WINDOWS\repair\svrc.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [*svrc] C:\WINDOWS\repair\svrc.exe
O4 - HKLM\..\Run: [*dnsad] C:\WINDOWS\Fonts\dnsad.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\java\Packages\winmfc.exe
O4 - HKLM\..\Run: [SScanner] C:\DOCUME~1\Owner\LOCALS~1\Temp\realscannerm.exe
O4 - HKLM\..\Run: [*ckb] C:\WINDOWS\repair\ckb.exe
O4 - HKLM\..\Run: [*drvimg] C:\WINDOWS\AppPatch\drvimg.exe
O4 - HKLM\..\Run: [*tcpxml] C:\WINDOWS\AppPatch\tcpxml.exe
O4 - HKLM\..\Run: [*imgcom] C:\WINDOWS\Fonts\imgcom.exe
O4 - HKLM\..\Run: [cip] C:\WINDOWS\Fonts\atari-kids.ttf\cip.exe
O4 - HKLM\..\Run: [*avanti] C:\WINDOWS\Cursors\avanti.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Meta Rule Memo Web] C:\Documents and Settings\All Users\Application Data\ForkAtomMetaRule\Defy acid.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\paalnp.exe reg_run
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AutoLoader20va1bTXaYPL] "C:\WINDOWS\system32\offlhelp.exe"
O4 - HKLM\..\Run: [274Q3nO] offlhelp.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\RunServices: [Configuration Loaded] wupdated.exe
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\VcCleanUp.exe /F C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKCU\..\Run: [KasparovChessmate.exe] C:\DOWNLO~1\KASPAR~1.EXE /r
O4 - HKCU\..\Run: [Skipsoftware] C:\DOCUME~1\Owner\APPLIC~1\SPAMKE~1\longglobaltime.exe
O4 - HKCU\..\Run: [Jwv4Rhi3l] oddinst.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Web Savings - file://C:\Program Files\websearch\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/mp3.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_mp3.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www2.skoobidoo.com/softwares//Download_2.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O19 - User stylesheet: (file missing)


* Click on Fix Checked when finished and exit HijackThis.


* Using Windows Explorer, locate the following folders, and delete them if still present:

C:\DOCUMENTS AND SETTINGS\Owner\APPLICATION DATA\16INTE..<== folder, starts with these letters
c:\program files\180searchassistant
C:\Program Files\Need2Find
C:\PROGRAM FILES\INSTAFINDERK
C:\Documents and Settings\All Users\Application Data\ForkAtomMetaRule
C:\WINDOWS\system32\P2P Networking
c:\program files\altnet
C:\Program Files\WinFixer 2005
C:\Program Files\SideFind
C:\DOCUMENTS AND SETTINGS\Owner\APPLICATION DATA\SPAMKE.. <== folder, starts with these letters
C:\Program Files\websearch

Remove the following files if still present!

C:\WINDOWS\system32\paalnp.exe
C:\WINDOWS\repair\svrc.exe
C:\WINDOWS\Fonts\dnsad.exe
C:\WINDOWS\java\Packages\winmfc.exe
C:\WINDOWS\repair\ckb.exe
C:\WINDOWS\AppPatch\drvimg.exe
C:\WINDOWS\AppPatch\tcpxml.exe
C:\WINDOWS\Fonts\imgcom.exe
C:\WINDOWS\Fonts\atari-kids.ttf\cip.exe
C:\WINDOWS\Cursors\avanti.exe
C:\WINDOWS\System32\vymsmllp.exe
C:\WINDOWS\System32\w3knet.dll
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\System32\AUNPS2.DLL
C:\WINDOWS\System32\E6F1873B.DLL
C:\WINDOWS\System32\D9EBC318C
C:\WINDOWS\system32\offlhelp.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5LP_0001_0715NetInstaller.exe

* Still in Safe Mode, start CCleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

Open Ad-aware and do a full scan. Remove all it finds.


Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
PLEASE TELL ME IF YOU COULDN'T remove any files!! Because some of them also run in Safe Mode.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
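
An added example, not part of the original thread or any poster's words: a small Python checker that compares entries ticked for "Fix Checked" against a follow-up HijackThis log and lists the ones still present. The function names and matching rules (CLSID for O2/O3/O16, hive plus value name for O4) are this example's own assumptions; the sample lines are excerpts from the fix list and the later log in this thread.

```python
import re

# HijackThis entry lines look like "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(.+?): \[(.+?)\]")   # "<hive>\..\Run: [<value name>] ..."
CLSID_SECTIONS = {"O2", "O3", "O16"}        # one CLSID identifies the entry here


def entry_key(section, detail):
    """Build a comparison key that survives cosmetic differences between logs."""
    # The "(file missing)" marker appears once the target file is deleted, but the
    # registry entry itself is still there, so it must not affect matching.
    detail = detail.replace("(file missing)", "").strip()
    if section in CLSID_SECTIONS:
        clsid = CLSID_RE.search(detail)
        if clsid:
            return (section, clsid.group(0).upper())
    if section == "O4":
        m = O4_RE.match(detail)
        if m:
            # Match on hive and value name; the command path may be written differently.
            return (section, m.group(1).lower(), m.group(2).lower())
    # Fallback: whole detail, case- and whitespace-insensitive.
    return (section, " ".join(detail.lower().split()))


def parse_entries(log_text):
    """Return {key: original line} for every R/F/N/O entry; other lines are ignored."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(*m.groups())] = line
    return entries


def remaining(fix_list_text, followup_log_text):
    """Lines from the follow-up log that match an entry on the fix list."""
    flagged = parse_entries(fix_list_text)
    after = parse_entries(followup_log_text)
    return [after[key] for key in flagged if key in after]


# Excerpt of the entries listed for "Fix Checked" (copied from this thread).
FIX_LIST = r"""
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\sachook.dll (file missing)
O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
"""

# Excerpt of the follow-up log posted on 8/8/2005 (copied from this thread).
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hgtv.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

if __name__ == "__main__":
    for line in remaining(FIX_LIST, FOLLOWUP):
        print("still present:", line)
```
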

#3 helpmepleaseany1

Posted 08 August 2005 - 02:41 PM

Thank you so much... I think that my comp is OK now... here are the logs from HijackThis and Ewido.


HJT
Logfile of HijackThis v1.99.1
Scan saved at 2:37:25 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hgtv.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3429F5FE-C21A-4C2B-9033-820A316A46B1}: NameServer = 66.90.130.101 66.90.133.117
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:23:44 PM, 8/8/2005
+ Report-Checksum: 175788EC

+ Scan result:

HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\web3000.com -> Spyware.Web3000 : Cleaned with backup
HKU\S-1-5-21-1757522311-4021471483-3402929131-1003\Software\web3000.com\w3knet -> Spyware.Web3000 : Cleaned with backup
[876] C:\WINDOWS\system32\eddka.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
[1572] C:\WINDOWS\system32\paalnp.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
[604] C:\WINDOWS\system32\kffwskd.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0DIF8H6F\!update-2134[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0DIF8H6F\!update-2174[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RKZ950D7\!update-2154[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RKZ950D7\!update-2164[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101341-286.dll -> Spyware.MySearch : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101341-389.dll -> Spyware.404Search : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101341-566.dll -> TrojanSpy.Perfectkeylogger.Ad : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101343-433.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101344-503.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101344-729.dll -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101344-862.dll -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050808-101345-580.dll -> Spyware.MetaDirect : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Program Files\C2Media\Setup.exe -> Spyware.Lop : Cleaned with backup
C:\Program Files\ClearSearch\CSBIINST.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ClearSearch\CSIE.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ClearSearch\CSIEINST.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ClearSearch\CSSS.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\ClearSearch\CSSSINST.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\FinalAlert 2 Yuri's Revenge\ncmyb.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.ks : Cleaned with backup
C:\WINDOWS\2_0_1browserhelper2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\AppPatch\apcmd.exe -> TrojanDownloader.Agent.cv : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\bridge.dll -> TrojanSpy.Briss.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m67m.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mp3Software_Plugin.exe -> TrojanDownloader.FunWeb : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\m67m.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\Download_UL.dll -> Trojan.TalkStocks.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\DS3.dll -> TrojanDownloader.Lookme.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\mp3Software_Plugin.exe -> TrojanDownloader.FunWeb : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\wmdmp8x.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Help\starter\faxplay.exe -> TrojanDownloader.Agent.cv : Cleaned with backup
C:\WINDOWS\isearch.exe -> Spyware.TopMoxie.c : Cleaned with backup
C:\WINDOWS\java\Packages\abrutil.exe -> TrojanDownloader.Agent.cv : Cleaned with backup
C:\WINDOWS\java\Packages\wincr.exe -> TrojanDownloader.Agent.cv : Cleaned with backup
C:\WINDOWS\minigolf_affiliate.exe -> Spyware.MetaDirect.b : Cleaned with backup
C:\WINDOWS\mscache.dll -> TrojanDownloader.Skoob.a : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_134000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_446700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_446800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_446900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_454300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_446700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_446800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_446900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_446700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_446800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_446900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_445800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_445900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_500300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_500300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_501400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_501400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_502200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_502200.jpg -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_503300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_503300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_504000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_504000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_504100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_504100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_505700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_505700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_506300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_506300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_511400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_511400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_512000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_512000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_512200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_512200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_513100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_513100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_514400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_514400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_514900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_514900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_515500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_516700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_517400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_517400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_518200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_518200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_518300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_518300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_519100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_519100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_519600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_519600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_520500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_521100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_521100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_521400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\

#4 miekiemoes

  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:11:41 AM

Posted 08 August 2005 - 02:51 PM

Wow, your system really needed a cleanup. :thumbsup:

Still some leftovers...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [zjdmubht] C:\WINDOWS\System32\vymsmllp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB


By the way, did you uninstall FlashGet as I suggested?
If so, also check the following in HijackThis:

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe


* Click on Fix Checked when finished and exit HijackThis.

Perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of the leftovers.
If you don't have those programs yet, you can find the download locations in my sig.

Reboot once again and post a new HijackThis log as a final checkup. :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 helpmepleaseany1

Posted 09 August 2005 - 12:55 PM

Thanks again. I uninstalled Flashget and here's my new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:27 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hgtv.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3429F5FE-C21A-4C2B-9033-820A316A46B1}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Thanks.

#6 miekiemoes

Posted 09 August 2005 - 01:11 PM

Looks good... just check and fix the following leftover from FlashGet in HijackThis:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

How are things running now?

#7 helpmepleaseany1

Posted 10 August 2005 - 03:46 AM

Everything is running great, no more popups or anything. Thank you very much!

#8 miekiemoes

Posted 10 August 2005 - 03:53 AM

Good. :-)

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently and don't forget to update beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

You can also find more info on how to prevent malware here (by Tony Klein).

Happy surfing again! :thumbsup:

#9 miekiemoes

Posted 19 August 2005 - 09:43 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.