First off...thank you so much for helping me out.
now to the issues i encountered following your instruction...
step 1. I disabled MS anti-spyware like you said but it still has reloaded every time I've rebooted.
step 12. Almost all of those files were not found. Here are the ones I found and deleted:
C:\WINDOWS\System32\Reg.exe
C:\WINDOWS\dinst.exe
C:\Documents and Settings\MikeS\wfcj.exe
The C:\Program Files\DiallerProgram directory was not there either.
There are still several things going on. I did reboot a couple times before I ran this new HJT log. Here are the logs (HJT, SmitRem, Ewido, Panda):
Logfile of HijackThis v1.99.1
Scan saved at 4:25:58 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\qdlkjom.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Live Sex Show] c:\Program Files\DiallerProgram\030925[1].exe -r
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [loxxcu] c:\windows\system32\qdlkjom.exe r
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted IP range: 64.62.171.156
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) -
http://go.microsoft....204&clcid=0x409O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1122078761937O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO20 - AppInit_DLLs: fhook.dll
O21 - SSODL: NTDBGTOOL - {F01A8674-285F-4C18-A1DB-C007E32D6B55} - C:\WINDOWS\System32\wlnobdbe.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
smitRem log file
version 2.2
by noahdfear
The current date is: Fri 07/29/2005
The current time is: 11:28:03.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
PSGuard spyware remover
~~~ Favorites ~~~
~~~ system32 folder ~~~
intell32.exe
~~~ Windows directory ~~~
desktop.html
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
wininet.dll INFECTED!! Starting replacement procedure.
~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~
~~~~ dllcache\wininet.dll not present! ~~~~
~~~~ Looking for C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll ~~~~
~~~~ KB890923\SP2QFE\wininet.dll not present! ~~~~
~~~~ Looking for C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll ~~~~
~~~~ KB867282\SP2QFE\wininet.dll not present! ~~~~
~~~~ Looking for C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll ~~~~
~~~~ KB883939\SP2QFE\wininet.dll Present! ~~~~
~~~~ Checking KB883939\SP2QFE\wininet.dll for infection ~~~~
~~~~ KB883939\SP2QFE Clean! ~~~~
~~~ Replaced wininet.dll from KB883939\SP2QFE ~~~
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:39:26 PM, 7/29/2005
+ Report-Checksum: BEBCB968
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{03D3AD2F-C841-443F-8A21-A7D2A62B6626} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{563E5DF0-2C1C-4513-BBF5-D380536BB8FC} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67355A47-1544-4905-B698-4D7E5B62EC32} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69A4F9FF-E915-11D5-A9F1-009099104002} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D6DDF37-B491-49D3-8733-600FA16940A0} -> Spyware.Wonderland : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CDC6A46-08AB-435B-A3FA-7CC00E74EC9F} -> Spyware.PerMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DCE908E-9E35-11D3-9431-009099104002} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{91DF007C-2F7F-4731-BE1F-38C1C13CEB8B} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{96B01A48-1317-4A87-91F7-10116F755705} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9CF7345D-CE2A-4C32-9D4D-BBEEF8A7257B} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E7138EE-4E7B-11D5-94EF-006008A4ED7F} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F2C17AC-9AA4-4C3A-82C7-EA7BCF00F03D} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AB4DD0F0-38DA-4F48-AAFE-7DE7323BB6B2} -> Spyware.ClickTheButton : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B2C03E2E-2219-4FF9-810A-540ACA63F8D9} -> Spyware.MarketScore : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CA7CCB52-6922-47E5-B784-3A3F82C51863} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD770A75-CE18-11D5-98D8-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5E4E352-6947-44EE-A420-DB84EFD3FE93} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC788B03-A743-4274-AC9E-DB4F2A03F515} -> Spyware.SearchAndBrowse : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED3ADB6E-5AA9-41B0-9DDC-6F31A34552BE} -> Spyware.FreeScratchCards : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F332D106-2EF3-45C4-BAF2-0F739D76B26A} -> Dialer.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0269420-A638-4509-889C-8FC3CC85DA7E} -> Dialer.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72F75B8-93F3-429D-B13E-660B206D897A} -> Spyware.Hijacker.Generic : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E246FAE-8420-11D9-870D-000C2917DE7F} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0269420-A638-4509-889C-8FC3CC85DA7E} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2857422465-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72F75B8-93F3-429D-B13E-660B206D897A} -> Spyware.Hijacker.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0269420-A638-4509-889C-8FC3CC85DA7E} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72F75B8-93F3-429D-B13E-660B206D897A} -> Spyware.Hijacker.Generic : Cleaned with backup
[892] c:\windows\system32\uzhcsip.exe -> Adware.BetterInternet : Cleaned with backup
[1272] C:\WINDOWS\jaaste.dll -> Trojan.Agent.fc : Cleaned with backup
C:\Documents and Settings\MikeS\Cookies\mikes@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20050729-112622-849.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Aie.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Aru.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Asc.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Bpe.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Cgi.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Chj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Cqu.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Cuj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Dgf.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Djd.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Dsq.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Edl.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Eff.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Fad.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Fdb.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Fip.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Foe.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Frp.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Fso.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Gan.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Gmu.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Gqc.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Gsi.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Ief.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\inet20056\3.00.06.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\Ipu.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\jaaste.dll -> Trojan.Agent.fc : Cleaned with backup
C:\WINDOWS\Jit.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Jja.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Jjn.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Jnc.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\js128k.dll -> Trojan.Agent.fc : Cleaned with backup
C:\WINDOWS\Khr.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Kkj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Kqj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Ksv.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Ktg.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\kubzhc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Loh.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Mkq.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\mmm1.exe -> TrojanSpy.Delf.ig : Cleaned with backup
C:\WINDOWS\mmm4.exe -> TrojanSpy.Delf.ig : Cleaned with backup
C:\WINDOWS\Ndm.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Nhr.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Nmu.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Occ.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Omc.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Par.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Pcb.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Ppj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Qcf.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Qgs.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Rec.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Rgj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Roi.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Rvn.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\sasetup.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Sbm.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Sfq.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\skiller.exe -> Trojan.Small.ei : Cleaned with backup
C:\WINDOWS\Stj.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\uzhcsip.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Tlo.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Vca.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Vfs.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Vqf.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Vse.html -> Spyware.Spywad : Cleaned with backup
C:\WINDOWS\Vvh.html -> Spyware.Spywad : Cleaned with backup
::Report End
Incident Status Location
Adware:adware/aurora No disinfected C:\WINDOWS\SYSTEM32\DrPMon.dll
Adware:adware/dloader No disinfected C:\WINDOWS\SYSTEM32\msblank.html
Adware:adware/findspy No disinfected C:\DOCUMENTS AND SETTINGS\MIKES\FAVORITES\ Free Hidden Cams World - Realtime.url
Adware:adware/cws.yexe No disinfected C:\messanger.ini
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
Adware:adware/azesearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEST SEARCH ENGINE!!!
Adware:adware/mediatickets No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0\PPCIMDNNNJBEAHEPFABJIPFGINLOEDKG EGCKAK
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
Virus:Trj/Listener.A Disinfected C:\WINDOWS\mmm.exe
Virus:Trj/Dropper.DV Disinfected C:\WINDOWS\system32\open32_uninstall.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\pelodsxh.exe
Virus:W32/Smitfraud.D Disinfected C:\WINDOWS\system32\wininet.old