please help me with this virus[CLOSED]



#1
donpldp

I don't know if this is safe or not, but I'm desperate. I have tried all kinds of anti-virus and spy removers. Here's my hijack log, please help.
Logfile of HijackThis v1.99.1
Scan saved at 2:21:54 AM, on 4/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\DNSLoadTester.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\wfpjsm.exe
C:\temp\EDowPack.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\eZula\mmod.exe
C:\WINDOWS\system32\Hyciqn.exe
C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\sahagent.exe
C:\program files\internet explorer\iexplore.exe
C:\temp\EDowPack.exe
C:\Documents and Settings\Donald Palmer\Desktop\New Folder\HijackThis.exe
C:\temp\EDowPack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\ELITET~1\ELITET~2.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\ELITET~1\ELITET~2.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Root WMX] C:\WINDOWS\JAVA\CONF\inicio.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DNSLoadTester] C:\WINDOWS\system32\DNSLoadTester.exe -run http://oss-content.m...re.com/dnstest/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sp2Protect] C:\WINDOWS\system32\sp2protect.exe
O4 - HKLM\..\Run: [Bluetooth] C:\WINDOWS\system32\shell32.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [MMC Recovery] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [Local Authority Service] C:\WINDOWS\system32\robots.txt
O4 - HKLM\..\Run: [Registry Backup] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\eliteoei32.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FDED1] C:\WINDOWS\wfpjsm.exe
O4 - HKLM\..\Run: [unwlyp] C:\WINDOWS\unwlyp.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Xxcfai.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Hyciqn.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\sahagent.exe run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.../prod/DD_v4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

I have Windows XP SP2, thanks.


#2
ScHwErV

donpldp

Hello and welcome to Geeks To Go.

You have a number of different problems that I can see. Let's start out with some general scans and see if we can't clean things up a little.

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these softwares.

Please run an on-line virus scan at TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

ScHwErV :tazz:

#3
donpldp

Thanks for your help, I hope this helps.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:00 AM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\system32\DNSLoadTester.exe
C:\WINDOWS\tighe.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XDCC Catcher\catcher.exe
C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Donald Palmer\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bingocard.com"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Iaqhez.exe
O4 - HKLM\..\Run: [unwlyp] C:\WINDOWS\unwlyp.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Sp2Protect] C:\WINDOWS\system32\sp2protect.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Qelcvq.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Registry Backup] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qrq6pae9] C:\WINDOWS\system32\qrq6pae9.exe
O4 - HKLM\..\Run: [MMC Recovery] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [joh] C:\WINDOWS\joh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [DNSLoadTester] C:\WINDOWS\system32\DNSLoadTester.exe -run http://oss-content.m...re.com/dnstest/
O4 - HKLM\..\Run: [dETc8] C:\WINDOWS\psyittp.exe
O4 - HKLM\..\Run: [dexubmn] C:\WINDOWS\dexubmn.exe
O4 - HKLM\..\Run: [q1rhikht] C:\WINDOWS\system32\q1rhikht.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gfgecZAli] C:\WINDOWS\tighe.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [qfsh] C:\WINDOWS\qfsh.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qmwk] C:\PROGRA~1\COMMON~1\qmwk\qmwkm.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.../prod/DD_v4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE







3D Groove Playback Engine
Ad-aware 6 Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ArcSoft Software Suite
Best Buy imagelab home
Creative Modem Blaster PCI Value DI5652-1
D-helper Web Driver
Digital Media Reader
DivX Codec 3.1alpha release
dvdSanta 3.45
DVDXCopy Xpress 3.0.1
Easy Remover 2004 Pro
EliteBar Internet Explorer Toolbar
Freedom Security & Privacy
GrabIt 1.4.7 Beta
HijackThis 1.99.1
Image Converter 2
Intel Application Accelerator
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
ISTsvc
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 Patch
JascUpdate
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Kazaa Lite K++ v2.4.3
Lexmark Z700-P700 Series
LimeWire
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Works 7.0
Miss Bingo
Nero 6 Demo
Netscape (7.2)
Playtime Bingo
Power2Go 4.0
PowerDVD
QuickTime
Radio@Netscape
RealPlayer
RegistryFix v3.0
Shareaza version 2.1.0.0
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
Sony MP4 Shared Library
Spybot - Search & Destroy 1.3
Super TextTwist
TSA
UltraPlayer
Uninstall JL2005A Toy Camera
Win-dh
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
XDCC Catcher Basic
XoftSpy
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v4
Yahoo! Toolbar

Freedom® Anti-Spyware
Spyware Report (4/18/2005 9:34:05 AM)

GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:54 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:55 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
GameSpy Arcade Application 4/14/2005 9:23:56 PM
Grokster Application 4/14/2005 9:23:57 PM
WebHancer Application 4/14/2005 9:23:58 PM
WebHancer Application 4/14/2005 9:23:59 PM
Cracking Tool Application 4/14/2005 9:23:59 PM
Cracking Tool Application 4/14/2005 9:23:59 PM
Cracking Tool Application 4/14/2005 9:23:59 PM
Dropper Application 4/14/2005 9:23:59 PM
Dropper Application 4/14/2005 9:23:59 PM
Bluebeep 0.10a Application 4/14/2005 9:23:59 PM
Powerscan Registry 4/14/2005 9:25:32 PM
Powerscan Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:32 PM
GameSpy Arcade Registry 4/14/2005 9:25:33 PM
GameSpy Arcade Registry 4/14/2005 9:25:33 PM
GameSpy Arcade Registry 4/14/2005 9:25:33 PM
GameSpy Arcade Registry 4/14/2005 9:25:33 PM
KaZaA Registry 4/14/2005 9:25:33 PM
BearShare Registry 4/14/2005 9:25:33 PM
BearShare Registry 4/14/2005 9:25:33 PM
BearShare Registry 4/14/2005 9:25:33 PM
BearShare Registry 4/14/2005 9:25:33 PM
BearShare Registry 4/14/2005 9:25:33 PM
Download Accelerator Plus Registry 4/14/2005 9:25:33 PM
Download Accelerator Plus Registry 4/14/2005 9:25:33 PM
Download Accelerator Plus Registry 4/14/2005 9:25:33 PM
Download Accelerator Plus Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Ezula Registry 4/14/2005 9:25:33 PM
Fire Daemon Application 4/14/2005 9:25:33 PM
Advertising.com Tracking cookie 4/14/2005 10:17:48 PM
Servedby.Advertising.com Tracking cookie 4/14/2005 10:17:49 PM
ISTbar Registry 4/14/2005 10:33:19 PM
DownloadWare Registry 4/14/2005 10:33:21 PM
DownloadWare Registry 4/14/2005 10:33:21 PM
ShopAtHomeSelect.com Tracking cookie 4/14/2005 11:37:41 PM
Powerscan Registry 4/14/2005 11:38:03 PM
Powerscan Registry 4/14/2005 11:38:03 PM
DyFuCA Registry 4/14/2005 11:38:04 PM
DyFuCA Registry 4/14/2005 11:38:04 PM
DyFuCA Registry 4/14/2005 11:38:04 PM
DyFuCA Registry 4/14/2005 11:38:04 PM
DyFuCA Registry 4/14/2005 11:38:05 PM
DyFuCA Registry 4/14/2005 11:38:05 PM
DyFuCA.Internet Optimizer Registry 4/14/2005 11:38:05 PM
DyFuCA.Internet Optimizer Registry 4/14/2005 11:38:05 PM
DyFuCA.Internet Optimizer Registry 4/14/2005 11:38:05 PM
DyFuCA.Internet Optimizer Registry 4/14/2005 11:38:05 PM
SAHAgent Registry 4/14/2005 11:38:16 PM
SAHAgent Registry 4/14/2005 11:38:17 PM
ISTbar.XXXToolbar Registry 4/14/2005 11:38:17 PM
ISTbar.XXXToolbar Registry 4/14/2005 11:38:18 PM
ISTbar.XXXToolbar Registry 4/14/2005 11:38:18 PM
ISTbar.XXXToolbar Registry 4/14/2005 11:38:18 PM
ISTbar.XXXToolbar Registry 4/14/2005 11:38:18 PM
ISTbar Registry 4/14/2005 11:38:19 PM
ISTbar Registry 4/14/2005 11:38:19 PM
ISTbar Registry 4/14/2005 11:38:19 PM
Ezula Registry 4/14/2005 11:38:19 PM
Ezula Registry 4/14/2005 11:38:19 PM
Ezula Registry 4/14/2005 11:38:19 PM
Ezula Registry 4/14/2005 11:38:19 PM
SearchEnhancement Application 4/14/2005 11:38:20 PM
SearchEnhancement Application 4/14/2005 11:38:20 PM
SearchEnhancement Application 4/14/2005 11:38:20 PM
SearchEnhancement Application 4/14/2005 11:38:21 PM
SearchEnhancement Application 4/14/2005 11:38:21 PM
SearchEnhancement Application 4/14/2005 11:38:21 PM
SearchEnhancement Application 4/14/2005 11:38:22 PM
SearchEnhancement Application 4/14/2005 11:38:22 PM
Grokster Application 4/14/2005 11:38:22 PM
WebHancer Application 4/14/2005 11:38:23 PM
WebHancer Application 4/14/2005 11:38:23 PM
DyFuCA.SafeSurfing Registry 4/15/2005 1:29:03 AM
DownloadWare Registry 4/15/2005 1:29:06 AM
XoloX Registry 4/15/2005 1:29:06 AM
XoloX Registry 4/15/2005 1:29:06 AM
KaZaA Registry 4/15/2005 1:29:06 AM
Revenue.net Tracking cookie 4/15/2005 1:40:05 AM
AtlasDMT.com Tracking cookie 4/15/2005 1:46:06 AM
Revenue.net Tracking cookie 4/15/2005 1:46:06 AM
Advertising.com Tracking cookie 4/15/2005 2:13:19 AM
Servedby.Advertising.com Tracking cookie 4/15/2005 2:13:19 AM
ShopAtHomeSelect.com Tracking cookie 4/15/2005 5:11:51 AM
ShopAtHomeSelect.com Tracking cookie 4/15/2005 5:23:56 AM
ShopAtHomeSelect.com Tracking cookie 4/15/2005 11:31:16 AM
SaveNow Registry 4/15/2005 7:19:46 PM
SaveNow Registry 4/15/2005 7:19:46 PM
KaZaA Registry 4/15/2005 7:19:46 PM
XoloX Registry 4/15/2005 7:19:46 PM
XoloX Registry 4/15/2005 7:19:46 PM
DownloadWare Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:48 PM
Ezula TopText Registry 4/15/2005 7:19:49 PM
Xrenoder Registry 4/15/2005 7:19:49 PM
ISTbar Registry 4/15/2005 7:19:49 PM
ISTbar Registry 4/15/2005 7:19:49 PM
DyFuCA.SafeSurfing Registry 4/15/2005 7:19:49 PM
SAHAgent Registry 4/15/2005 7:19:49 PM
DyFuCA Registry 4/15/2005 7:19:49 PM
Revenue.net Tracking cookie 4/15/2005 11:35:16 PM
Zedo Tracking cookie 4/15/2005 11:35:16 PM
Revenue.net Tracking cookie 4/16/2005 2:57:07 PM
Advertising.com Tracking cookie 4/16/2005 8:49:28 PM
Servedby.Advertising.com Tracking cookie 4/16/2005 8:49:31 PM
ShopAtHomeSelect.com Tracking cookie 4/16/2005 8:49:36 PM
ShopAtHomeSelect.com Tracking cookie 4/16/2005 8:59:13 PM
SaveNow Registry 4/16/2005 9:45:04 PM
SaveNow Registry 4/16/2005 9:45:04 PM
KaZaA Registry 4/16/2005 9:45:04 PM
XoloX Registry 4/16/2005 9:45:04 PM
XoloX Registry 4/16/2005 9:45:04 PM
DownloadWare Registry 4/16/2005 9:45:06 PM
IPInsight Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:06 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Ezula TopText Registry 4/16/2005 9:45:07 PM
Xrenoder Registry 4/16/2005 9:45:07 PM
BingoFun Games Registry 4/16/2005 9:45:07 PM
ISTbar Registry 4/16/2005 9:45:07 PM
ISTbar Registry 4/16/2005 9:45:07 PM
DyFuCA.SafeSurfing Registry 4/16/2005 9:45:07 PM
SAHAgent Registry 4/16/2005 9:45:07 PM
SAHAgent Registry 4/16/2005 9:45:08 PM
DyFuCA Registry 4/16/2005 9:45:08 PM
DyFuCA Registry 4/16/2005 9:45:08 PM
DyFuCA Registry 4/16/2005 9:45:08 PM
SaveNow Registry 4/17/2005 11:32:44 PM
SaveNow Registry 4/17/2005 11:32:44 PM
KaZaA Registry 4/17/2005 11:32:44 PM
XoloX Registry 4/17/2005 11:32:44 PM
XoloX Registry 4/17/2005 11:32:44 PM
DownloadWare Registry 4/17/2005 11:32:47 PM
BingoFun Games Registry 4/17/2005 11:32:47 PM
DyFuCA.SafeSurfing Registry 4/17/2005 11:32:47 PM
SAHAgent Registry 4/17/2005 11:32:48 PM
SAHAgent Registry 4/17/2005 11:32:48 PM
ShopAtHomeSelect.com Tracking cookie 4/18/2005 2:20:11 AM
SaveNow Registry 4/18/2005 2:30:32 AM
SaveNow Registry 4/18/2005 2:30:32 AM
KaZaA Registry 4/18/2005 2:30:32 AM
XoloX Registry 4/18/2005 2:30:32 AM
DownloadWare Registry 4/18/2005 2:30:34 AM
IPInsight Registry 4/18/2005 2:30:35 AM
Xrenoder Registry 4/18/2005 2:30:37 AM
ISTbar Registry 4/18/2005 2:30:37 AM
ISTbar Registry 4/18/2005 2:30:37 AM
SAHAgent Registry 4/18/2005 2:30:37 AM
ISTbar Registry 4/18/2005 3:30:29 AM
ISTbar Registry 4/18/2005 3:30:29 AM
AtlasDMT.com Tracking cookie 4/18/2005 4:24:33 AM

File generated by Freedom® Anti-Spyware
  • 0

#4
markedmanner

markedmanner

    Member

  • Member
  • PipPip
  • 87 posts
If you want to post help in the Malware Removal forum here at GTG, you need to be a staff member. Click here to join Geek U.

ScHwErV :tazz:

Edited by Geek U Moderator

Edited by ScHwErV, 18 April 2005 - 08:10 AM.

  • 0

#5
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
donpldp

Nice collection you have going there. First we will need to download and run a few tools. Then we will get on to some uninstalls. This is going to be a few-step process because of all the different problems that you have.

Please read this post completely; it may make it easier for you if you copy and paste this post into a new text document or print it for reference later.

Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Run the CleanUp! installer. You don't need to do anything with it right now.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

EliteBar Internet Explorer Toolbar
Freedom Security & Privacy
GrabIt 1.4.7 Beta
ISTsvc
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
XoftSpy


Reboot your computer into normal Windows.

After all that, please post a fresh HijackThis log. This will not get all the infections that are in your log. But it will make the manual removals much easier later on.

ScHwErV :tazz:
  • 0

#6
donpldp

donpldp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:35:01 PM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\sp2protect.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\DNSLoadTester.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Radio@Netscape\Radio@Netscape.exe
C:\WINDOWS\system32\Thpfdx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AOLMed~1.exe
C:\Documents and Settings\Donald Palmer\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bingocard.com"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Iaqhez.exe
O4 - HKLM\..\Run: [unwlyp] C:\WINDOWS\unwlyp.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Sp2Protect] C:\WINDOWS\system32\sp2protect.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Thpfdx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Registry Backup] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMC Recovery] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [joh] C:\WINDOWS\joh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DNSLoadTester] C:\WINDOWS\system32\DNSLoadTester.exe -run http://oss-content.m...re.com/dnstest/
O4 - HKLM\..\Run: [dETc8] C:\WINDOWS\psyittp.exe
O4 - HKLM\..\Run: [dexubmn] C:\WINDOWS\dexubmn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gfgecZAli] C:\WINDOWS\tighe.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [qfsh] C:\WINDOWS\qfsh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitezzw32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [RebootAfterUninstallingFreedom] C:\WINDOWS\system32\runonce.exe
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qmwk] C:\PROGRA~1\COMMON~1\qmwk\qmwkm.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.../prod/DD_v4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE




It wouldn't let me delete the Elite toolbar or Freedom, but I did delete Freedom when I booted back up. I thank you for your help. Oh, the first scan didn't find anything, but CleanUp cleared 258 MB.
  • 0

#7
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
donpldp

Your log is still a mess. Let's get after it.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Iaqhez.exe
O4 - HKLM\..\Run: [unwlyp] C:\WINDOWS\unwlyp.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Sp2Protect] C:\WINDOWS\system32\sp2protect.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Thpfdx.exe
O4 - HKLM\..\Run: [Registry Backup] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMC Recovery] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\username.exe
O4 - HKLM\..\Run: [joh] C:\WINDOWS\joh.exe
O4 - HKLM\..\Run: [DNSLoadTester] C:\WINDOWS\system32\DNSLoadTester.exe -run http://oss-content.m...re.com/dnstest/
O4 - HKLM\..\Run: [dETc8] C:\WINDOWS\psyittp.exe
O4 - HKLM\..\Run: [dexubmn] C:\WINDOWS\dexubmn.exe
O4 - HKLM\..\Run: [gfgecZAli] C:\WINDOWS\tighe.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [qfsh] C:\WINDOWS\qfsh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitezzw32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [qmwk] C:\PROGRA~1\COMMON~1\qmwk\qmwkm.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\ISTsvc\
C:\Program Files\Common Files\qmwk\
C:\Program Files\Common Files\tsa
C:\Program Files\Internet Optimizer\
C:\program files\180solutions\
C:\Program Files\XoftSpy\
C:\WINDOWS\EliteToolBar\

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\Iaqhez.exe
C:\WINDOWS\unwlyp.exe
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\system32\Thpfdx.exe
C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\username.exe
C:\WINDOWS\joh.exe
C:\WINDOWS\system32\DNSLoadTester.exe
C:\WINDOWS\psyittp.exe
C:\WINDOWS\dexubmn.exe
C:\WINDOWS\tighe.exe
C:\WINDOWS\qfsh.exe
c:\windows\system32\elitezzw32.exe

After that, reboot.

After all that, please post a fresh HiJackThis log.

ScHwErV :tazz:

#8
donpldp

I'm sorry, I don't know what happened but it's back. I did all the steps over again but the hijack fix part. Please help me, I don't have an antivirus any more; you told me to get rid of Freedom. Please help, I'm desperate.

#9
donpldp

I'm sorry, I don't know what happened but it's back. I did all the steps over again but the hijack fix part. Please help me, I don't have an antivirus any more; you told me to get rid of Freedom. Please help, I'm desperate.


Logfile of HijackThis v1.99.1
Scan saved at 8:19:16 PM, on 04/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\nalbur.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\CyberLink\Power2Go\Power2Go.exe
C:\Documents and Settings\Donald Palmer\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bingocard.com"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefep32.exe
O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
O4 - HKLM\..\Run: [kkckqsp] c:\windows\system32\nalbur.exe
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.../prod/DD_v4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames...egames_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#10
ScHwErV

I will be back tomorrow to look over your log. In the interim, please download, install, and update AVG Antivirus.

http://www.grisoft.com

ScHwErV :tazz:

#11
donpldp

I really need help, swerv, please come back to me. I know I f up. Help, please.

#12
ScHwErV

Sorry for your wait. You have a new infection that we are still working on. This fix has been used successfully many times now, so give it a shot and let's see what's left over.

Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Open HijackThis
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

There will also be an item towards the bottom of the O4 section in HijackThis (it should be the last O4 item marked "HKLM", and it should be between the entries for SpamExtract and Radio@Netscape). This item will be marked with "garbage" random characters. However, it seems to be renaming itself so the name will most likely be different by the time you follow these directions. In your previous log it was:

O4 - HKLM\..\Run: [kkckqsp] c:\windows\system32\nalbur.exe

Whatever the name of the item is, check it. Then close all open windows except for HijackThis and click Fix Checked.

Then delete the file listed in the random O4 entry. In the above example you would delete
c:\windows\system32\nalbur.exe

Restart your computer

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, then copy the log. Paste it to a blank Notepad file and save it to post here.
Then let it rerun. Save that log too.

Post back here with a fresh log using HijackThis and both of the scan results.

ScHwErV :tazz:
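
The checks applied by eye in the post above (the F2 Shell value, the randomly named O4 Run entry, the SvcProc service listed as "Unknown owner") can be written as a small log triage script. This is an added example, not part of the original thread and not HijackThis's own logic; the rule names and the name-versus-filename heuristic are assumptions for illustration, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [kkckqsp] c:\windows\system32\nalbur.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: hive, key (Run/RunOnce), value name, command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32
WINDIR_EXE = re.compile(r'^"?c:\\windows\\(?:system32\\)?([^\\"]+)\.exe', re.I)


@dataclass
class Finding:
    section: str   # HijackThis section code (F2, O4, O23, ...)
    reason: str    # hypothetical rule name, chosen for this example
    detail: str    # the part of the log line that triggered the rule


def triage(log_text):
    """Return entries worth a manual look; candidates, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list, or blank line
        section, rest = m.groups()

        # Registry entry still present but its file is gone.
        if rest.endswith("(file missing)"):
            findings.append(Finding(section, "orphaned-entry", rest))

        if section == "F2" and "Shell=" in rest:
            # Anything besides Explorer.exe in Shell= is started at logon.
            shell = rest.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding(section, "shell-override", shell))
        elif section == "O4":
            run = RUN.match(rest)
            if run:
                name, command = run.group(3), run.group(4)
                exe = WINDIR_EXE.match(command)
                # Assumed heuristic: value name unrelated to the file name,
                # and the file lives directly in the Windows directory.
                if exe and exe.group(1).lower() != name.lower():
                    findings.append(
                        Finding(section, "run-name-mismatch", f"[{name}] {command}"))
        elif section == "O23" and " - Unknown owner - " in rest:
            findings.append(Finding(section, "unknown-owner-service", rest))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:22} {f.detail}")
```

Because the Run value renames itself between scans, a rule keyed on the entry's shape keeps matching where a rule keyed on the literal name `kkckqsp` would not. Legitimate entries can trip the mismatch rule too, so each finding still needs review before anything is fixed or deleted.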

#13
donpldp

I have had the biggest scare of my life. My computer was moving sluggish so I rebooted, right, and it wouldn't reboot; it just stayed at the WinXP loading screen. So I went to safe mode and did what you asked. I couldn't find the first thing, and ran the adware and AVG. It still wouldn't boot, so somehow I kept trying and it finally booted in old good configuration. Do you think this is the virus?

Logfile of HijackThis v1.99.1
Scan saved at 8:23:12 PM, on 05/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Donald Palmer\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bingocard.com"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald Palmer\Application Data\Mozilla\Profiles\default\i10qlbaz.slt\prefs.js)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\RunOnce: [Web Offer] Command /c del C:\WINDOWS\system32\EZPOPS~1.EXE (I got rid of this one again but it was in normal mode; I will check if it's gone for good)
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.../prod/DD_v4.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames...egames_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

#14
ScHwErV

Most of the nail.exe infection seems to be gone, but let's run ewido again in safe mode just to be sure.

After that, post a fresh HiJackThis log and let me know how things are running.

ScHwErV :tazz:

#15
donpldp

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:12:42 PM, 05/01/2005
+ Report-Checksum: A99E6884

+ Date of database: 05/02/2005
+ Version of scan engine: v3.0

+ Duration: 73 min
+ Scanned Files: 137905
+ Speed: 31.11 Files/Second
+ Infected files: 44
+ Removed files: 44
+ Files put in quarantine: 44
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Donald Palmer\.jpi_cache\file\1.0\Dummy.class-5db50b5e-24ca4c7f.class -> Trojan.ClassLoader.Dummy.d -> Cleaned with backup
C:\Documents and Settings\Donald Palmer\Cookies\donald palmer@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\180Solutions\sais.exe -> Spyware.180Solutions -> Cleaned with backup
C:\Program Files\180Solutions\saishook.dll -> Spyware.180solutions -> Cleaned with backup
C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD.ag -> Cleaned with backup
C:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD.am -> Cleaned with backup
C:\Program Files\Power Scan\powerscan.exe -> Spyware.PowerScan.d -> Cleaned with backup
C:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind -> Cleaned with backup
C:\RECYCLER\S-1-5-21-370030131-3186773635-3883207141-1006\Dc7.exe -> Spyware.Ezula -> Cleaned with backup
C:\WINDOWS\70tovmto.exe -> Spyware.Sahat.o -> Cleaned with backup
C:\WINDOWS\ahadp.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD -> Cleaned with backup
C:\WINDOWS\fut.exe -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\gqfltsa.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\sideb.exe -> Spyware.EliteBar.z -> Cleaned with backup
C:\WINDOWS\system32\angelex.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper.x -> Cleaned with backup
C:\WINDOWS\system32\exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\HookPopup.dll -> Spyware.DealHelper.ab -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\system32\msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\ntsys32.exe -> Backdoor.ServU.a -> Cleaned with backup
C:\WINDOWS\system32\Rytccb.exe -> Spyware.DealHelper.ab -> Cleaned with backup
C:\WINDOWS\system32\shell32.exe -> Spyware.WinAD.k -> Cleaned with backup
C:\WINDOWS\system32\Thpfdx.exe -> Trojan.Popmon.a -> Cleaned with backup
C:\WINDOWS\system32\username.exe -> Spyware.EliteBar.z -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\xcdzzcnov.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\zeta.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\WINDOWS\__delete_on_reboot__Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup


::Report End