Hi
Sorry, no luck.
It seemed to work at first, but within a minute of logging in, Spy Sheriff and all his deputy pop-ups came flooding back. I attach the requested logs and some thoughts I had when following your instructions.
smitRem seemed to need XP; I have Windows 2000.
I could not scan Archives in Ewido because it was greyed out.
I could not find the display/desktop/etc. commands.
As ever, I appreciate your help.
TerryR
Panda Log
Incident Status Location
Virus:W32/Admincash.B Disinfected Operating system
Adware:Adware/IESearchBar No disinfected C:\WINNT\isrvs\mfiltis.dll
Adware:Adware/nCase No disinfected C:\WINNT\nytsnmn.exe
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\sex.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\Catcher.dll
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\sysupd.dll
Adware:Adware/Beginto No disinfected C:\WINNT\system32\nsp2.dll
Adware:Adware/nCase No disinfected C:\WINNT\nytsnmn.exe
Adware:Adware/IESearchBar No disinfected C:\WINNT\isrvs\desktop.exe
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\FFISEA~1.EXE
Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\tsa\tsl.exe
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\sex.exe
Adware:Adware/Maxifiles No disinfected C:\PROGRA~1\COMMON~1\MC-58-~1.EXE
Adware:Adware/SpywareNo No disinfected C:\winstall.exe
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\sex.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\cache32_rtneg?
Adware:Adware/nCase No disinfected C:\DOCUME~1\TRegan\LOCALS~1\Temp\180sainstaller.exe
Spyware:Spyware/AdClicker No disinfected C:\WINNT\usta33.ini
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINNT\unstall.exe
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\DOCUME~1\TRegan\LOCALS~1\Temp\cfout.txt
Adware:Adware/WinTools No disinfected C:\WINNT\hisistheurls.exe
Adware:Adware/Sqwire No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINNT\system32\main.exe
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs
Adware:Adware/SearchExe No disinfected C:\WINNT\Downloaded Program Files\on-line.exe
Spyware:Spyware/Media-motor No disinfected Windows Registry
Adware:Adware/Beginto No disinfected C:\WINNT\system32\nsp2.dll
Spyware:Spyware/YourSiteBar No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINNT\inst
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\TRegan\Favorites\1111\1111.url
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\dload.exe
Adware:Adware/ImGiant No disinfected C:\Program Files\joystick networks
Adware:Adware/SpywareNo No disinfected Windows Registry
Adware:Adware/SpySheriff No disinfected C:\winstall.exe
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\TRegan\Favorites\1111\1111.url
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\TRegan\Local Settings\Temp\clnE5.tmp
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\TRegan\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\5UJEFS20\stubinstallerBundle[1].exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\5UJEFS20\stubinstallerThin[1].exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\C96NGLAF\dnscatcher[1].exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\C96NGLAF\nem220[1].dll
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\C96NGLAF\optimize314[1].exe
Adware:Adware/Beginto No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\EVOLCL8L\sp[1].js
Adware:Adware/TopConvert No disinfected C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\N55L46VO\protect[1].htm
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\fkqq\fkqqd\fkqqc.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\FreeProd1\mc-58-12-0000093.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\FreeProd2\mc-58-12-0000093.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\FreeProdFetch\mc-58-12-0000093.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\mc-58-12-0000093.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[Catcher.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\tsa\tsl.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\Catcher.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\gui.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\tmp.exe
Adware:Adware/Beginto No disinfected C:\Program Files\Lavasoft\Ad-Aware SE Personal\bigtraffic.exe
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\30C480B6-52D6-43BB-91A4-2780FE.asq
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\45A4017E-1FC1-4BDD-A4A7-7A219D.asq
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5F8653B5-49AA-4D9A-8B08-D90188.asq
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\92011946-46D6-48A2-8B45-2B3199.asq
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9CEE2EFA-5C85-4E18-9F93-9A1B8F.asq
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0A0E2E8E-E95D-4A2B-91D7-BEB8A1\E918ED88-B428-4AB7-9B45-F6CB7D
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\36BBDB59-FE61-4E27-8505-9B9578\450ABC4D-8EBD-46EB-9E4D-1FA0E6
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4E2386F0-8422-4C7F-B2A5-43F667\857169B1-87F4-46AB-8CDF-A0E942
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BE7D863B-0FF1-40DE-A403-E5096A\73D2CCB3-353F-41BE-83BD-425EA4
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C3C252B8-F08F-4B4F-8C61-2AA1A8\FF291565-0996-4883-85FD-9E1961
Adware:Adware/Maxifiles No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F9C54FAB-2A58-41B4-8B5B-3041E4\272A12AD-EA6F-49EC-97BE-03E411
Adware:Adware/SpywareNo No disinfected C:\Program Files\SpySheriff\ProcMon.dll
Adware:Adware/Maxifiles No disinfected C:\RECYCLER\S-1-5-21-507921405-1708537768-839522115-500\Dc1.dll
Adware:Adware/ISearch No disinfected C:\RECYCLER\S-1-5-21-507921405-1708537768-839522115-500\Dc4.xpi
Adware:Adware/ISearch No disinfected C:\RECYCLER\S-1-5-21-507921405-1708537768-839522115-500\Dc4.xpi[isearch.jar][isearch.js]
Adware:Adware/Beginto No disinfected C:\WINNT\bigtraffic.exe
Adware:Adware/ISearch No disinfected C:\WINNT\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINNT\deskbar.ini
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\m67m.inf
Adware:Adware/IGuard No disinfected C:\WINNT\Downloaded Program Files\on-line.exe
Virus:W32/Admincash.B Disinfected C:\WINNT\explorer.exe
Adware:Adware/WinTools No disinfected C:\WINNT\hisistheurls.exe
Spyware:Spyware/Dyfuca No disinfected C:\WINNT\inst\3p_1.exe
Adware:Adware/IESearchBar No disinfected C:\WINNT\isrvs\desktop.exe
Adware:Adware/FIsearch No disinfected C:\WINNT\isrvs\edmond.exe
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\ffisearch.exe
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\isearch.xpi
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/IESearchBar No disinfected C:\WINNT\isrvs\mfiltis.dll
Adware:Adware/FIsearch No disinfected C:\WINNT\isrvs\msdbhk.dll
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs\sysupd.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\msxct1.ini
Adware:Adware/nCase No disinfected C:\WINNT\nytsnmn.exe
Virus:W32/Admincash.B Disinfected C:\WINNT\system32\dllcache\explorer.exe
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\dload.exe
Virus:Trj/Delprot.A Disinfected C:\WINNT\system32\drivers\delprot.sys
Adware:Adware/DealHelper No disinfected C:\WINNT\system32\main.exe
Adware:Adware/Maxifiles No disinfected C:\WINNT\system32\mc-58-12-0000093.exe
Adware:Adware/Beginto No disinfected C:\WINNT\system32\nsp2.dll
Adware:Adware/ImGiant No disinfected C:\WINNT\system32\protect.exe
Adware:Adware/Startpage.AAO No disinfected C:\WINNT\system32\sex.exe
Adware:Adware/Sqwire No disinfected C:\WINNT\system32\tsuninst.exe
Adware:Adware/Maxifiles No disinfected C:\WINNT\system32\welcome.txt
Spyware:Spyware/Media-motor No disinfected C:\WINNT\unstall.exe
Spyware:Spyware/AdClicker No disinfected C:\WINNT\usta33.ini
Adware:Adware/Maxifiles No disinfected C:\WINNT\welcome.txt
Adware:Adware/SpywareNo No disinfected C:\winstall.exe
Ewido Log
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 14:18:19, 27/06/2005
+ Report-Checksum: 50A3CC56
+ Date of database: 27/06/2005
+ Version of scan engine: v3.0
+ Duration: 10 min
+ Scanned Files: 20648
+ Speed: 31.71 Files/Second
+ Infected files: 48
+ Removed files: 48
+ Files put in quarantine: 48
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: No
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\TRegan\Cookies\tregan@21971720[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\N55L46VO\dbn1742[1].exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\TRegan\Local Settings\Temporary Internet Files\Content.IE5\N55L46VO\mp3[1].ocx -> TrojanDownloader.Agent.ex -> Cleaned with backup
C:\Program Files\180searchassistant\sachook.dll -> Spyware.180Solutions -> Cleaned with backup
C:\Program Files\Common Files\fkqq\fkqqa.exe -> TrojanDownloader.TSUpdate.l -> Cleaned with backup
C:\Program Files\Common Files\fkqq\fkqql.exe -> TrojanDownloader.TSUpdate.j -> Cleaned with backup
C:\Program Files\Common Files\fkqq\fkqqm.exe -> TrojanDownloader.TSUpdate.k -> Cleaned with backup
C:\Program Files\Common Files\fkqq\fkqqp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\Program Files\Lavasoft\Ad-Aware SE Personal\sefe.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\Program Files\MaxiFiles\maxifiles.dll -> Spyware.SearchIt -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4723FBFA-FEDC-4A0A-9825-CB48B3\EF3127D9-B7F5-4196-8842-72FC7D -> Spyware.Isearch -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\93BF0D7B-E0F6-46B6-A529-B62DB8\3B2C0B0B-2D9E-4EDD-B9B5-4375EE -> TrojanDownloader.Ieser.a -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\93BF0D7B-E0F6-46B6-A529-B62DB8\BDCD546E-E4A3-40B8-A3D2-2DF4B3 -> Spyware.Isearch -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AE652F50-4471-4E56-B872-4DAE7A\68B84582-A574-410C-ABE6-DCF9CD -> TrojanDownloader.Ieser.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc15.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc18.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc22.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc26.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc30.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1965331169-725345543-1114\Dc8.exe -> Dialer.Generic -> Cleaned with backup
C:\WINNT\convert.exe -> Spyware.Small.ga -> Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\ysbactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.2\ysbactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINNT\Downloaded Program Files\ysbactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINNT\imgthin.exe -> TrojanDownloader.VB.if -> Cleaned with backup
C:\WINNT\isrvs\delprot.sys -> Trojan.Delprot.a -> Cleaned with backup
C:\WINNT\isrvs\ffisearch.exe -> Spyware.Isearch -> Cleaned with backup
C:\WINNT\isrvs\mfiltis.dll -> Spyware.ISearch.d -> Cleaned with backup
C:\WINNT\isrvs\sysupd.dll -> TrojanDownloader.Ieser.a -> Cleaned with backup
C:\WINNT\sefe.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\WINNT\sex.exe -> TrojanDownloader.Small.my -> Cleaned with backup
C:\WINNT\sex2.exe -> Dialer.Generic -> Cleaned with backup
C:\WINNT\system32\COMMCOS2.DLL -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINNT\system32\drivers\delprot.sys -> Trojan.Delprot.a -> Cleaned with backup
C:\WINNT\system32\nsg2.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINNT\system32\nsg45.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINNT\system32\nsg4A.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINNT\system32\nsi3.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINNT\system32\nsn2.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINNT\system32\nso123.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\WINNT\system32\nsv2.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINNT\system32\nsw2.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINNT\system32\nsx2.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINNT\system32\regsync.exe -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINNT\system32\sefe.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\WINNT\system32\sex.exe -> TrojanDownloader.Small.my -> Cleaned with backup
C:\WINNT\system32\svhost.exe -> Backdoor.Generic -> Cleaned with backup
C:\WINNT\system32\vbrundll.dll -> Spyware.SafeSurfing -> Cleaned with backup
::Report End
Hijack Log
Logfile of HijackThis v1.99.1
Scan saved at 17:33:29, on 27/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\program files\180searchassistant\sac.exe
C:\WINNT\system32\sex.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\RMClient\PMClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\system32\nsp2.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINNT\system32\richedtr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sac] c:\program files\180searchassistant\sac.exe
O4 - HKLM\..\Run: [nytsnmn] C:\WINNT\nytsnmn.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINNT\system32\sex.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [System backup] C:\WINNT\System32\082e4923.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000093.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINNT\system32\sex.exe
O4 - HKCU\..\Run: [fkqq] C:\PROGRA~1\COMMON~1\fkqq\fkqqm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.addictivetechnologies.net (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.f1organizer.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.megapornix.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - http://www.promapser...test/webmap.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1118749099296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WORTH.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WORTH.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WORTH.local
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe