-=:]Spyware! Please Help![:=- [CLOSED]


  • This topic is locked

#1
Surfingterd

    Member

  • 14 posts
Hello, I am not able to go to www.google.com or www.yahoo.com through IE or Firefox, I can only go to www.ask.com. I'm pretty sure the spyware on this computer is immense. Somebody please take me through a step by step solution to clear out the problems :tazz: . Thanks In Advance! ;)

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:20:06 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\hookdump.exe
C:\DOCUME~1\BRIANM~1\LOCALS~1\Temp\jmkd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Documents and Settings\Brian Martinolich\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109363747\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O4 - HKLM\..\RunOnce: [AOLDeskbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Deskbar"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\sdayerxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ssorprop.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fntlib.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\bwtsprx3.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

Edited by Surfingterd, 21 June 2005 - 02:23 PM.

  • 0


#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Surfingterd and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

I noticed that your HiJackthis.exe is located on your desktop. Make sure to save HijackThis in its own folder (i.e. C:\HJT). This is very important, so HiJackThis can save backups!

Download the Host Here
Please do not use the program yet.

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Open up the Host program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files.
  • Then click Restore original host files.
  • Close the program.
5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.dll
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\sdayerxp.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ssorprop.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fntlib.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\bwtsprx3.dll


8. Click the Fix Checked box.

9. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\azentretien.dll
C:\WINDOWS\shginas.dll
C:\WINDOWS\system32\azesearch4.dll
C:\WINDOWS\system32\hookdump.exe
C:\WINDOWS\system32\sdayerxp.dll
C:\WINDOWS\system32\ssorprop.dll
C:\WINDOWS\system32\fntlib.dll
C:\WINDOWS\system32\bwtsprx3.dll


10. Run the program CleanUp!

11. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

12. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0
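
Added example, not part of the original posts: a small Python parser for HijackThis-style logs that lists the O1 hosts-file overrides behind the Google/Yahoo symptom, picks out entries whose file is gone, and compares the log before and after the fix. The function names are hypothetical, and the two sample logs are short excerpts from the logs posted in this thread, not the full logs.

```python
import ipaddress
import re
from collections import defaultdict

# A HijackThis entry looks like "O1 - Hosts: 69.50.166.11 www.google.com":
# a section code (R0, O1, O20, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")

# Excerpt of the first log in this thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\hookdump.exe
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the follow-up log in this thread (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def hosts_overrides(entries):
    """Map each non-loopback IP in the O1 section to the names it captures.

    A hosts line that pins a public site to a fixed address takes effect
    before DNS is consulted, so every such line deserves review.
    """
    by_ip = defaultdict(list)
    for section, body in entries:
        match = HOSTS_RE.match(body) if section == "O1" else None
        if not match:
            continue
        ip, name = match.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal; ignore malformed lines
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are block lists, not redirects
        by_ip[ip].append(name.lower())
    return dict(by_ip)


def orphaned(entries):
    """Entries whose registry key survives but whose file is gone."""
    return [(s, b) for s, b in entries
            if b.endswith(("(file missing)", "(no file)"))]


def diff_logs(before, after):
    """Compare two logs entry by entry to verify what a fix changed."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "kept": sorted(old & new),
    }


if __name__ == "__main__":
    for ip, names in hosts_overrides(parse_entries(BEFORE)).items():
        print(f"hosts override: {ip} <- {', '.join(names)}")
    changes = diff_logs(BEFORE, AFTER)
    for section, body in changes["added"]:
        print(f"new since last log: {section} - {body}")
    for section, body in orphaned(parse_entries(AFTER)):
        print(f"orphaned entry: {section} - {body}")
```

Entries reported as new since the last log are the ones to look at first in a follow-up scan, since they were not present when the original fix list was written.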

#3
Surfingterd

    Member

  • Topic Starter
  • 14 posts
Alright, I'll do that, but should I get Ewido as well for the safe mode part?

Edited by Surfingterd, 22 June 2005 - 05:11 AM.

  • 0

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
A run of ewido in safe mode after the deleting of the files would be a very good thing to do ;)


thanks,

:tazz:

Excal
  • 0

#5
Surfingterd

    Member

  • Topic Starter
  • 14 posts
Sorry for being a little late, thing is that I only come to this house once in a while.

I'm trying to download CleanUp!, but the link is down I believe, and I'm trying to search for it somewhere else (I have to use ask.com because neither Google's nor Yahoo's website works), but the thing is that it's not the same program. I know since I've used it before: it's supposed to be a little hand cleaning something with a towel; this one shows a roadside-looking sign with a guy with a shovel carrying out dirt or something.

Will the site be back up or are there any other links?

*EDIT*

This is what the browser reads, it's doing the same thing as google and yahoo, it's not letting it get through...

"Forbidden
You don't have permission to access /index.php on this server.

Apache/1.3.33 Server at spywareaid.com Port 80"

Please help...

*EDIT 2*

Can somebody host it somewhere else? I can do it when I get to my house and host it on www.lulu.com, but I wanna try to get done with this as soon as possible.

*EDIT 3*

Okay never mind, I got my friend to give me a workable link, I'll post the logs as you requested as soon as I'm done. Thanks

Edited by Surfingterd, 25 June 2005 - 12:57 PM.

  • 0

#6
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Thanks for the heads-up on that link, I will be sure to fix it.

:tazz:

Excal
  • 0

#7
Surfingterd

    Member

  • Topic Starter
  • 14 posts
Alright, as requested, here is the ActiveScan log:


Incident Status Location

Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\Brian Martinolich\Desktop\HJT\backups\backup-20050625-161313-345.inf
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Brian Martinolich\Favorites\Adult\Escorts.url
Adware:Adware/Startpage.LH No disinfected C:\Documents and Settings\Brian Martinolich\Favorites\Adult\Single Girls.url
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorPatch.log
Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\screen.html
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\SYSTEM32\azebar.xml
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\bln02nqv.exe
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\SYSTEM32\iasada.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\SYSTEM32\winnook.exe
Virus:Trj/Downloader.AUP Disinfected C:\WINDOWS\VT17.exe

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:09:23 AM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Documents and Settings\Brian Martinolich\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

And also, here is the Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:07:49 PM, 6/25/2005
+ Report-Checksum: 5C7CEFCD

+ Date of database: 6/25/2005
+ Version of scan engine: v3.0

+ Duration: 59 min
+ Scanned Files: 87792
+ Speed: 24.57 Files/Second
+ Infected files: 138
+ Removed files: 138
+ Files put in quarantine: 138
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\bmof.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@35487201[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@dcswkdum9pljwpslkirxaz7o5_7t5n[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian martinolich@sexsearchcom[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Cookies\brian [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\cpac.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\cpck.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Del35B.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Del413.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\Del4D2.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\dfoj.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\fbcg.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\fhcm.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\gcaj.exe -> Trojan.Agent.ep -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\hjjm.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\jfak.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\jkill.exe -> Spyware.VX2 -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\ldgh.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\mala.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\res35D.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\Documents and Settings\Brian Martinolich\Local Settings\Temp\res414.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\Internet Optimizer\update\install.exe -> TrojanDownloader.Dyfuca.de -> Cleaned with backup
C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD.ag -> Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD -> Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\Program Files\Web_Rebates\disp1150.exe -> Spyware.WebRebates.b -> Cleaned with backup
C:\Program Files\Web_Rebates\Sy1150\Sy1150\1150_1.dat -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Windows Media Player\Slysoft AnyDVD 5.1.0.1 Crack.zip/Slysoft AnyDVD 5.1.0.1 Crack.exe -> Worm.VB.cz -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0090197.exe -> TrojanDownloader.Agent.jt -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP319\A0092598.exe -> TrojanDownloader.Agent.jt -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0092642.exe -> TrojanDownloader.Agent.jt -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP347\A0122799.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP347\A0122811.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP347\A0122821.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP348\A0125909.dll -> Spyware.AzSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0129071.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0143314.dll -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0143315.dll -> Spyware.WinAD.ag -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0143316.exe -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0143317.exe -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0143350.exe -> Spyware.180Solutions -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0143571.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP378\A0143611.dll -> Spyware.180Solutions -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143727.exe -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143728.exe -> Spyware.Sahat.o -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143732.exe -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143733.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143734.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143735.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143736.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143737.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143738.dll -> Spyware.Sahat.l -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143746.exe -> Spyware.180Solutions -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143747.exe -> Spyware.180solutions -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143748.exe -> TrojanDownloader.Dyfuca.ei -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0143761.dll -> Spyware.AzSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0144731.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0145731.dll -> Spyware.AzSearch.a -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0145761.dll -> Spyware.MoneyGainer -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0145787.dll -> Spyware.180Solutions -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0146858.exe -> Spyware.Sahat.o -> Cleaned with backup
C:\WINDOWS\180.exe -> Spyware.WinAD -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions -> Cleaned with backup


::Report End


The computer is running really well, extremely better than it was before, but I still believe that McAfee might be making it run a little slow, plus, it wasn't letting me run a scan on HijackThis until after I ended the process in Task Manager...idk, what are you suggesting? Should I remove it or not?

Again, thanks, you've been wonderful help. Are there any more steps? :tazz:
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Surfingterd,

Just a few more steps ;)

As far as McAfee goes, let's wait until we clean up the rest of this before making a decision. Some things you want to ask yourself are: Am I happy with McAfee? Do I pay for McAfee when I can get another program for free that's probably just as good? Do I realize that McAfee is targeted a lot by malware makers? Why do I keep talking to myself!....:tazz:

I will give you a list of programs that you can run on your computer to help keep you safer. This list will include safe alternatives to McAfee, and they are all free.

On with the fix ;)

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab


7. Click the Fix Checked box.

8. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

180searchassistant
Web Rebates


9. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Web_Rebates
c:\program files\180searchassistant
C:\Documents and Settings\Brian Martinolich\Favorites\Adult


10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\nem220.dll
C:\WINDOWS\Downloaded Program Files\clientax.inf
C:\WINDOWS\GatorPatch.log
C:\WINDOWS\screen.html
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\azebar.xml
C:\WINDOWS\SYSTEM32\bln02nqv.exe
C:\WINDOWS\SYSTEM32\iasada.dll
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\winnook.exe
C:\WINDOWS\VT17.exe


11. Please post a fresh HiJackThis log. Let me know how your computer is running.
  • 0
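As an added example (not part of the post above and not HijackThis's own code), this Python sketch parses the six step 6 entries and checks which later step, 9 or 10, deletes the file each entry points at. The entries, folders and files are copied from the post; the function names, the regex and the "orphan" flag are assumptions of this example.

```python
import ntpath
import re
# Step 6 entries, step 9 folders and step 10 files as posted (the O16 URL is truncated on the page).
ENTRIES = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
""".strip().splitlines()
FOLDERS = [r"C:\Program Files\Web_Rebates", r"c:\program files\180searchassistant",
           r"C:\Documents and Settings\Brian Martinolich\Favorites\Adult"]
FILES = r"""
C:\WINDOWS\nem220.dll
C:\WINDOWS\Downloaded Program Files\clientax.inf
C:\WINDOWS\GatorPatch.log
C:\WINDOWS\screen.html
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\azebar.xml
C:\WINDOWS\SYSTEM32\bln02nqv.exe
C:\WINDOWS\SYSTEM32\iasada.dll
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\winnook.exe
C:\WINDOWS\VT17.exe
""".strip().splitlines()
# A local path, optionally behind file:// and optionally followed by the "(file missing)" marker.
PATH_RE = re.compile(r"(?:file://)?([A-Za-z]:\\[^()]*?)\s*(?:\(file missing\))?$")

def parse(line):
    """Split one log line into section code, local path (if any) and orphan flag."""
    code, rest = line.split(" - ", 1)
    m = PATH_RE.search(rest)
    orphan = "(no file)" in rest or "(file missing)" in rest
    return {"code": code, "path": m.group(1) if m else None, "orphan": orphan}

def covered_by(path):
    """Name the later step that deletes this path from disk, or None."""
    p = ntpath.normcase(path or "")  # Windows paths compare case-insensitively
    if p in {ntpath.normcase(f) for f in FILES}:
        return "step 10"
    if any(p.startswith(ntpath.normcase(d) + "\\") for d in FOLDERS):
        return "step 9"
    return None

def plan():  # one row per step 6 entry
    return [dict(e, covered=covered_by(e["path"])) for e in map(parse, ENTRIES)]

if __name__ == "__main__":
    print(*plan(), sep="\n")
```

Rows flagged orphan are the entries HijackThis marks "(no file)" or "(file missing)". The R3 and O16 rows reference no local path, so only the fix in step 7 touches them.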

#9
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





