oldgames.se, filost, + variants [CLOSED]


  • This topic is locked

#16
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Did you get any file scanned at any of the online scan sites ??? The email is anyway suspicious. Can you attach the signature.zip file with your next reply ???


Can you also post the Ewido and Spybot logs here??

Did your log on issue get resolved ???

Edited by tampabelle, 26 August 2005 - 07:00 AM.

  • 0


#17
starhopper

    Member

  • Topic Starter
  • 36 posts
Did you get any file scanned at any of the online scan sites ??? The email is anyway suspicious. Can you attach the signature.zip file with your next reply ???
/\/\/\
No new scans since the last one you requested. However, I did a LiveUpdate at Symantec (weekly chore) and there were a couple of sizeable new ones. I'm a newbie with their program, so don't know if they do any type of auto-scan during the Auto- or Live-Update process, or if maybe when my installed app detects something it sends (in the background) a sig.sample to them next time online or somesuch. Anyway, the e-mail arrived first thing the very next morning after, so the timing kinda made sense. But as you said, still, suspicious. However.....

I decided to try & contact Symantec...and long story short, they assured me (mail just received 10 minutes ago) they DO NOT do this type thing. They've requested I send the attached file to them, so no need for you to worry about it. They also want me to submit it to my Provider to see if they can ascertain the originating source, and send the info back to them. There's a page on Symantec's site in FAQs on 'spoof' threat notifications - but this one wasn't one of the many listed. I get a feeling they might want to go after the perpetrator...I sure hope so. ~8)

If you STILL want me to forward the 'booger' file to you, let me know.

+ + +
Can you also post the Ewido and Spybot logs here??
/\/\/\
Sure!
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:09:11 PM, 8/24/2005
+ Report-Checksum: F43B73DD

+ Scan result:

HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\0\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\1\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\10\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\11\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\2\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\3\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\4\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\5\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\6\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\7\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\8\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\9\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\A -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\A\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\B\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\C\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\D\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\E -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\E\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\E\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\E\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\F -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\F\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\F\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\F\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup


::Report End
& & & & & & & &

Hmmmmm......what 'type/extent' of the Spybot report do you want? Here's results of scan I just ran:

--- Search result list ---
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

BridgeTrack: Tracking cookie (Internet Explorer: Waldorf Ford) (Cookie, nothing done)

The override.....my local shop did that....conflict with Symantec..so I know about it. Looks like all I've picked up is one tracking cookie.



+ + +
Did your log on issue get resolved ???
/\/\/\
No - as said in my last, did not take any action pending settlement of that 'spoofed' warning we're discussing.

Best regards,
~Jay
  • 0

#18
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

If you check the Ewido log, the items listed pertain to your audio device. So these entries would be classified as "False positives" and can be safely ignored.

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

This entry is a correct setting. Spybot only reports that there was a recent change. Did you change any security settings ??


If you surf the internet, then you will collect cookies. Every once in a while you can delete the cookies. However, this would also delete the passwords and log in details that you have stored in cookies, and you will have to log in to each of the sites manually instead of automatic login.

What you can do is delete all the unknown cookies in the folder - C:\Documents and Settings\Waldorf Ford\Cookies. This way you can delete all the unwanted cookies and retain the cookies for the sites that you visit.


Since you have already mailed that file to Norton, it is not required to mail it to me. You can delete the file and the email (unless Norton / Symantec wants the email for tracking purposes).

Did you log in issue get resolved ???
  • 0
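The triage reasoning in the reply above, as an added example that is not part of the original thread: it groups Ewido result lines by detection name and finds each group's common root, showing that the Spyware.MidAddle hits are one key and its descendants under a device-interface registration. The sample is a subset of the report posted in this thread; the function names and the `Control\DeviceClasses` check are assumptions of this example.

```python
from collections import defaultdict

# Sample input: a subset of the Ewido report posted in this thread. The
# Spyware.MidAddle lines are rebuilt from their shared key to keep this short.
MIXER = (r"HKLM\SYSTEM\ControlSet003\Control\DeviceClasses"
         r"\{6994AD04-93EF-11D0-A3CC-00A0C9223196}"
         r"\##?#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30"
         r"#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
         r"\#Wave\Device Parameters\Mixer")
STATS = (r"HKU\S-1-5-21-3403482629-370423927-1386743413-1006\Software"
         r"\Microsoft\Windows\CurrentVersion\Ext\Stats")
COOKIES = r"C:\Documents and Settings\Waldorf Ford\Cookies"


def hit(obj, name):
    """Format one result line the way the report does."""
    return f"{obj} -> {name} : Cleaned with backup"


SAMPLE_REPORT = "\n".join([
    "+ Created on: 10:09:11 PM, 8/24/2005",
    "+ Scan result:",
    "",
    hit(MIXER, "Spyware.MidAddle"),
    hit(MIXER + r"\0", "Spyware.MidAddle"),
    hit(MIXER + r"\0\Controls", "Spyware.MidAddle"),
    hit(MIXER + r"\F\Controls\1", "Spyware.MidAddle"),
    hit(STATS + r"\{79849612-A98F-45B8-95E9-4D13C7B6B35C}",
        "Spyware.Crazywinnings"),
    hit(STATS + r"\{7C559105-9ECF-42B8-B3F7-832E75EDD959}", "Spyware.ISTBar"),
    hit(COOKIES + r"\waldorf ford@adopt.specificclick[1].txt",
        "Spyware.Cookie.Specificclick"),
    hit(COOKIES + r"\waldorf ford@burstnet[2].txt", "Spyware.Cookie.Burstnet"),
    "::Report End",
])

REG_HIVES = {"HKLM", "HKU", "HKCU", "HKCR", "HKCC"}


def parse_line(line):
    """Split '<object> -> <detection> : <action>'; None for any other line."""
    obj, arrow, rest = line.strip().rpartition(" -> ")
    name, colon, action = rest.partition(" : ")
    if not arrow or not colon:
        return None
    return obj, name.strip(), action.strip()


def classify(obj):
    """Coarse object type: registry key, browser cookie, or other file."""
    if obj.split("\\", 1)[0] in REG_HIVES:
        return "registry"
    return "cookie" if "\\Cookies\\" in obj else "file"


def common_root(paths):
    """Longest shared prefix, compared component by component."""
    root = []
    for column in zip(*(p.split("\\") for p in paths)):
        if len(set(column)) != 1:
            break
        root.append(column[0])
    return "\\".join(root)


def summarise(report_text):
    """Collapse a report into one record per detection name."""
    groups = defaultdict(list)
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            obj, name, _action = parsed
            groups[name].append(obj)
    summary = {}
    for name, objs in groups.items():
        root = common_root(objs)
        summary[name] = {
            "count": len(objs),
            "kind": classify(objs[0]),
            "root": root,
            # True when the shared root was itself flagged, i.e. every other
            # hit in the group is just a descendant of that one key.
            "subtree": len(objs) > 1 and root in objs,
            # Assumption of this example: keys under Control\DeviceClasses
            # are device-interface registrations, not application settings.
            "device_class": "\\Control\\DeviceClasses\\" in root,
        }
    return summary


if __name__ == "__main__":
    for name, info in summarise(SAMPLE_REPORT).items():
        print(f"{info['count']:>3}  {info['kind']:<8} {name}")
        print(f"     root: {info['root']}")
        print(f"     subtree={info['subtree']} device_class={info['device_class']}")
```

A group that collapses to one flagged key still needs a look at that key, but it becomes one decision instead of one per report line.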

#19
starhopper

    Member

  • Topic Starter
  • 36 posts
Hi back!,

If you check the Ewido log, the items listed pertain to your audio device. So these entries would be classified as "False positives" and can be safely ignored.
/\/\/\
Yup. Thanks.


& & &
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

This entry is a correct setting. Spybot only reports that there was a recent change. Did you change any security settings ??

/\/\/\
Yup...did. Rather, my dealer's shop tech did. Have to disable due to conflict with Symantec security - for some reason apparently sees it as 'enemy'.


& & &
If you surf the internet, then you will collect cookies. Every once in a while you can delete the cookies. However, this would also delete the passwords and log in details that you have stored in cookies, and you will have to log in to each of the sites manually instead of automatic login.

What you can do is delete all the unknown cookies in the folder - C:\Documents and Settings\Waldorf Ford\Cookies. This way you can delete all the unwanted cookies and retain the cookies for the sites that you visit.

/\/\/\
Pretty up to speed on cookies, & that's pretty much my standard routine. AdAware & Spybot seem to be doing a pretty good job - about all that gets in are a few trackers each weekly scan event. Once we get all issues cleared, I plan on also installing Spyware Blaster - has been highly recommended multi-times. Already d/l'd in fact, just not installed yet. Hopefully that'll help keep me ACAP (as clean as possible) ~8)


& & &
Since you have already mailed that file to Norton, it is not required to mail it to me. You can delete the file and the email (unless Norton / Symantec wants the email for tracking purposes).
/\/\/\
Yup - only holding it until they're happy...then it's *poofsville* -- begone!! ~8)


&&&
Did you(r) log in issue get resolved ???
/\/\/\
I'm havin' some second thoughts on this. I've figured what Software Bisque was doing in their 'fix' was, basically, showing how to enable a new startup account that didn't require a logon. Easiest path for me (best odds of not screwing something up) is to just bring all MY (regular) desktop settings over to the desktop their 'patch' fix created - the one that now opens up on bootup. Basically, just copy my shortcuts over, add my background, and configure the mouse settings etc. And I'll be >basically< back where I started....only with one 'bogus' user account (my old 'regular' account) that I'd prolly never use again anyway. I plan to test, & if it goes according to plan, will maybe just stay with that & maybe later clean out the old 'screwed' account. To reiterate, if anything happens that would require me to re-install WinXP, I'm 'SOL' as they said, as I didn't get the Windows CD's with this re-furb.

My 'fear' is that, if I do anything to eliminate the new account their patch created, I'll be back to not being able to access the computer again, ie, the first manifestation of the problem that raised the new log-on account requirement in the first place. After analyzing all the facets, this prolly the smoothest/easiest out for me. A bit of a chore, moving everything over, but better'n pounding Enter &/or F8 every bootup, for sure! ~8)

Soooo....will save you some headache, if you'd rather not mess with it.
Your thoughts?
~Jay
PS - I think you had me knock out some of the Yahoo settings. I notice this morning my 'LaunchCast' (web radio) isn't working. First time I've tried it since "the purge" -- any chance we might've killed something we might not ought've?
--------------------
  • 0

#20
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jay,

Thanx for your PM. I had read your post I guess I missed out on responding.

Basically I concur with what you said about the login accounts. I would be a little more careful with what I do given the conditions under which you bought it !!!

It's a little bit of work to transfer all stuff (shortcuts and files) to a new profile but it can be done :tazz:


I checked what we had done on your PC till now. I haven't done anything to "LaunchCast" or any yahoo settings which would disrupt the operation of the program.

Anyway you can download and install it again, if it is not working properly !!!


Keep me posted on how the issue with the login account goes
  • 0

#21
starhopper

    Member

  • Topic Starter
  • 36 posts
Hi TampaBelle!
Re my Private Message, here's the HiJack This scanlog I told you I'd post:
Logfile of HijackThis v1.99.1
Scan saved at 11:32:46 AM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\wkfglxc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\system32\Ereits.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program DLs\Hijack This\hijackthisAPP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uBIVHfEqQ] C:\WINDOWS\wkfglxc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Rzuenb.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [nstkbmd] C:\WINDOWS\nstkbmd.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ereits.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...sb_pictures.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5F66DCD-89EE-43A8-94AD-07E4E0845E20}: NameServer = 69.4.224.22 69.4.224.21
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

====

I tried to get to the Panda Online Scan you had me run previously, but it starts and soon afterwards all kinds of weird things happen, including a cascading error message avalanche until my system crashes in 'bluescreen'. Needless to say, desperately need serious help!

Thanks as ever,
~Jay (starhopper)
  • 0

#22
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. If you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed. In case you have some of the programs already downloaded, then you can use the already downloaded programs. However, you may need to update the files in some cases (like Ewido).

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
rbkiller.exe
FxISTBar.exe
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.



2. Remove Infections

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run FxISTBar.exe

Run rbkiller.exe

Run Ewido full scan. Let it fix any items it finds.


3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uBIVHfEqQ] C:\WINDOWS\wkfglxc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Rzuenb.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [nstkbmd] C:\WINDOWS\nstkbmd.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ereits.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...sb_pictures.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

180 Solutions
Uninstall180 search assistant
Your Site Bar
Surf Accuracy
Internet Optimizer
Power Scan



Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
c:\program files\180searchassistant\saishook.dll
C:\Program Files\YourSiteBar\ysb.dll
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Power Scan\powerscan.exe


Files
C:\WINDOWS\nem220.dll
C:\WINDOWS\wkfglxc.exe
C:\WINDOWS\nstkbmd.exe
C:\WINDOWS\system32\Rzuenb.exe
C:\WINDOWS\system32\Ereits.exe



Run CleanUp and delete all temp files including temporary internet files


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0
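
Added example (not part of the original post or of HijackThis itself): Python that parses HijackThis entry lines, rejoins lines that a mail client or editor wrapped, and lists which entries from the step 3 fix list are still present in a later log. The function names and the `AFTER_LOG` sample are constructed for illustration; the `FIX_LIST` lines are copied from the post above.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O16, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return [(code, body), ...] for the entry lines of a HijackThis log.

    Header lines and the running-process list come before the first entry
    and are skipped. After the first entry, a non-entry line is treated as
    the wrapped tail of the previous entry, so pass only the log itself.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # A tail starting with "\" was split inside a path: join directly.
            # Otherwise the wrap happened at a space: restore it.
            sep = "" if line.startswith("\\") else " "
            entries[-1][1] += sep + line
    return [(code, body) for code, body in entries]


def entry_key(code, body):
    """Identity used for matching: section code plus CLSID when the entry
    has one, else the body with whitespace collapsed and case folded."""
    m = CLSID_RE.search(body)
    if m:
        return (code, m.group(0).lower())
    return (code, " ".join(body.split()).casefold())


def still_present(fix_list_text, new_log_text):
    """Fix-list entries that also appear in the later log, in fix-list order."""
    remaining = {entry_key(c, b) for c, b in parse_hjt(new_log_text)}
    return [f"{c} - {b}" for c, b in parse_hjt(fix_list_text)
            if entry_key(c, b) in remaining]


# Lines copied from the fix list in step 3 of the post.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ereits.exe
"""

# Constructed sample of a later log: wrapped lines, changed letter case,
# and two fix-list entries deliberately left in place.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4F8A-AA55-30386A3F5686} - C:\Program

Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [secure]   c:\windows\system32\ereits.exe
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, AFTER_LOG):
        print("still present:", line)
```

An entry that shows up here after the fix usually means something re-created it on reboot, which is worth reporting back along with the log.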

#23
starhopper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi TampaBelle!
8:53 AM 9/22/05
Yesterday in order to access my system, I eventually in desperation had to resort to running some of my anti-malware programs. I dumped my Recycle Bin & did a full scan with Ad-AwareSE, followed by a scan with Spybot S&D, letting them quarantine & remove all fixable items. Spybot reported it could not remove one file as it was in ?use/memory?. This regained 'limited' use of the computer, letting me sign on and switch users to my regular WinXP 'User' account..... But I still could not close Windows normally...getting a repeated !Error message while 'something' kept trying to install itself. I just kept hitting Alt+F4 until I could press the power-off switch.


Here is a printout of your instructions, with actions taken & reactions; & notes of differences discovered. Note that several of the files etc. you advised to delete had apparently already been 'killed' by the AdAwareSE & Spybot processing mentioned above.

******
NOTE: PRINTOUT OF NEW GEEKStoGO INSTRS: in email fm tampabelle
>>> Each step followed with notes as added, indicated by '>>>' marks under instructions.

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. If you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed. In case you have some of the programs already downloaded, then you can use the already downloaded programs. However, you may need to update the files in some cases (like Ewido).

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp - http://www.geekstogo...tion=show&id=49
rbkiller.exe - http://www.wildersse...ds/rbkiller.exe
FxISTBar.exe - http://securityrespo...er/FxIstbar.exe
Ewido Security Suite - http://www.ewido.net/en/download/
>>> Done. Already had Ewido (ran up date) & Cleanup.


Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.



2. Remove Infections

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run FxISTBar.exe
>>> "Adwar.Istbar has not been found on your computer"
>>> (Possibly removed by AdwareSE scan...) Note: Took ~45 mins...thorough!

Run rbkiller.exe
>>> "No RapidBlaster processes detected" Note: Took 3 seconds!

Run Ewido full scan. Let it fix any items it finds.
>>> ~55 mins: 115 infected objs
>>> Cleaned 107, then gave "Warning: The file "C:\Docs and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K17VYREP\ysb_pictures[1].cab/YSBactivex.dll"
cannot be removed because it is embedded in the archive "C:\Docs and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K17VYREP\ysb_pictures[1].cab" Do you want to remove the whole archive?
[Yes] [No]...took [Yes]
>>> Scan & clean completed, took 'save report'
>>> Scan Report_20050922 saved in Reports folder of Ewido Suite folder
>>> Pasted onto bottom of this.


3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
>>> "Default URLSearchHook is missing" Clicked box anyway.

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uBIVHfEqQ] C:\WINDOWS\wkfglxc.exe
>>> 5 above files not found

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
>>> Present; checked box

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\InternetOptimizer\optimize.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Rzuenb.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [nstkbmd] C:\WINDOWS\nstkbmd.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ereits.exe
>>> 6 above files not found

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...sb_pictures.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
>>> 2 above files not found. Note: checked carefully & rechecked for these names & any variants!

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.
>>> Did: 2 items fixed

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

180 Solutions
Uninstall180 search assistant
Your Site Bar
>>> Above 3 not found.

Surf Accuracy
>>> Found: Clicked on; Info window opened: Size -0.14Mb Used: rarely
clicked 'Change/remove button': "Uninstaller error - An error occurred while trying to remove Surf Accuracy. It may have already been uninstalled. Would you like to remove Surf Accuracy from the Remove Program list? Took 'Yes'. Note: check later for 0.14 Mb file!!

Internet Optimizer
Power Scan
>>> Above 2 not found.

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
c:\program files\180searchassistant\saishook.dll
C:\Program Files\YourSiteBar\ysb.dll
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Power Scan\powerscan.exe
>>> Only 'SurfAccuracy' folder was present - took 'Shift+Del', to bypass Recycle Bin; Deleted. (Folder contained 3 files...names not noted)

Files
C:\WINDOWS\nem220.dll
C:\WINDOWS\wkfglxc.exe
C:\WINDOWS\nstkbmd.exe
>>> Did 'Search' in WINDOWS: above 3 none found

C:\WINDOWS\system32\Rzuenb.exe
>>> Search in WINDOWS Found 'RZUENB.exe-1FAF3466.pf' but in C:\WINDOWS\Prefetch folder (29Kb). Did not delete. Should it be??

C:\WINDOWS\system32\Ereits.exe
>>> Re 'Ereits.exe'
Search for 'Ereits' in Windows folder found 17 files:
In C:\WINDOWS\Prefetch:
EREITS.EXE-05A0E918.pf (31KB PF file)
And in C:\WINDOWS\system32:
Ereits (224KB Application) (Mouseover Info shows Description: Redirect MFC Application)
Ereitsdk (1KB XML document) ( " " shows only 'Type: XML Doc'; ditto all below)
Ereitsk (490KB XML document)
Ereitsk1 (390KB XML document)
Ereitsk2 (265KB XML document)
Ereitsu (1,837KB XML document)
Ereitsu1 (1,405KB XML document)
Ereitsu2 (1,210KB XML document)
Ereitsu3 (18KB XML document)
NewEreitsk (25KB XML document)
NewEreitsk1 (15KB XML document)
NewEreitsk2 (14KB XML document)
NewEreitstime (1KB XML document)
NewEreitsu (139KB XML document)
NewEreitsu1 (95KB XML document)
NewEreitsu2 (74KB XML document)
>>> Following instructions 'to the letter', deleted only the 'Ereits' Appl file. (Shift+Del)
>>> Note: if other 16 files are not required, would prefer to delete ALL completely (disk space, & sense of well-being!) Would it be safe, wise & prudent to do so??



Run CleanUp and delete all temp files including temporary internet files
>>> Done. Noted "Run MRU list removed from registry. Telnet's MRU list removed from registry. Recovered 90.4 Mb of disk space from 6507 files"

Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
^^^^^^^^^^^^^^^^^^^^ HIJACK THIS REPORT FOLLOWS ^^^^^^^^^^^^^^^^^^^^^^
Logfile of HijackThis v1.99.1
Scan saved at 1:32:56 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program DLs\Hijack This\hijackthisAPP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Security Suite35\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




^^^^^^^^^^^^^^^^^^^^ EWIDO SCAN REPORT FOLLOWS ^^^^^^^^^^^^^^^^^^^^^^^
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:55:28 AM, 9/22/2005
+ Report-Checksum: 47823509

+ Scan result:

HKLM\SOFTWARE\dealhelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\dealhelper\KeyWord -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealhelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\6\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\7 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\7\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\7\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\7\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\7\Controls\2 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\8 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\8\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\8\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\8\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\9 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\9\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\9\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\9\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\A -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\A\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\B -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\B\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\B\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\B\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\C -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\C\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\C\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\D -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\D\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\D\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\D\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\E -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\E\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\E\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\E\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\F -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\F\Controls -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\F\Controls\0 -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?

#PCI#VEN_10B9&DEV_5451&SUBSYS_0024103C&REV_02#3&61AAA01&0&30#{6994ad04-93ef-11d0-a3cc-00a0c9223196}

\#Wave\Device Parameters\Mixer\F\Controls\1 -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@e-2dj6wjlyunazikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Cookies\waldorf ford@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\Del2D.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temp\res2E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\dealhelper[1].exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\ibar[1].js -> TrojanDownloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\sacc_remove[1].exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\8TEVGPAB\ysb[1].dll -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\K18VYREP\ysb_pictures[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SHIJOXYN\dun[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\SAcc.prod.v1110.07sep2005.exe[1].cbb24cb3f875a3f41512d11e2ae33ba7 -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\version[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Waldorf Ford\Local Settings\Temporary Internet Files\Content.IE5\SPY7KX2N\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\Rzuenb.exe -> Spyware.DealHelper : Cleaned with backup


::Report End


^^^^^^^^^^^^^^^^^^^^ END OF REPORTS - NOTES FOLLOW ^^^^^^^^^^^^^^^^^^^

Note: WHEW! Turned into an all-day job! Man, this is too much like work!! *LOL*
But so far, it appears things have returned pretty much to normal. Now THERE's a big WHEW!! Also noted the '180search' icon has disappeared from my task tray.

Please notice several questions inserted above the end reports, concerning differences noted --in particular, the multiple 'Ereits' files and the 'RZUENB.EXE\~~~.pf file. Please respond to these so I know you've noted & seen them!

Also, I have a reasonably good idea of the actions that gave me this nasty 'bugging', if you would care for the details. Let me know. Basically, I Googled up a picture of a name mentioned in a Yahoo News article so I could see who it was. When I clicked it to close, the fun started!

Of note: I pasted your instructions onto Notepad & saved a copy to a 'virgin' floppy disk, so I could open it on my desktop screen & follow along (rather than print it out - printer's on the fritz). Just before I inserted the floppy into the A: drive, some 'Guardian Angel' told me I might oughta do a virus scan first. And whattaya know....there were 3 '.exe' infection files found on the floppy! This thing WAS a booger!! (The floppy is in the garbage can now, crushed.)

Finally, before I forget to mention - I am pretty dismayed that, despite all the security I have installed, how quickly such a set of 'beasties' got past it all & installed themselves. Is there anything 'out there' that will prevent this kind of happening?

OK.....better stop here if you're gonna be done by this weekend *LOL*. Any more steps I should do from this point??

And as always, thanks, BIG time! ~8)
~Jay

#24
tampabelle

1. Run IE. Click on Tools ---> Internet Options ---> General tab.

Click on Delete Cookies and then on Delete files.

2. Run Hijack This. The following items need to be fixed -

R3 - Default URLSearchHook is missing

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


3. Delete the files -

C:\WINDOWS\system32:
Ereits (224KB Application) (Mouseover Info shows Description: Redirect MFC Application)
Ereitsdk (1KB XML document) ( " " shows only 'Type: XML Doc'; ditto all below)
Ereitsk (490KB XML document)
Ereitsk1 (390KB XML document)
Ereitsk2 (265KB XML document)
Ereitsu (1,837KB XML document)
Ereitsu1 (1,405KB XML document)
Ereitsu2 (1,210KB XML document)
Ereitsu3 (18KB XML document)
NewEreitsk (25KB XML document)
NewEreitsk1 (15KB XML document)
NewEreitsk2 (14KB XML document)
NewEreitstime (1KB XML document)
NewEreitsu (139KB XML document)
NewEreitsu1 (95KB XML document)
NewEreitsu2 (74KB XML document)

4. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch. It will open the folder Prefetch. Delete all the files in that folder. Don't delete the folder, only the files in it !!!!!!!!


5. Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.


6. Run Clean Up and delete all temporary files.

#25
starhopper

ALL INSTRUCTIONS COMPLETED. RESULTING 'SPYSWEEPER' LOG:
PLEASE SEE COUPLE OF QUESTIONS AT BOTTOM!
=====
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
SPYSWEEPER LOG COPY FOLLOWS:
**********************************
4:57 PM: |··· Start of Session, Friday, September 23, 2005 ···|
4:57 PM: Spy Sweeper started
4:57 PM: Sweep initiated using definitions version 492
4:57 PM: Starting Memory Sweep
4:59 PM: Memory Sweep Complete, Elapsed Time: 00:01:59
4:59 PM: Starting Registry Sweep
4:59 PM: Found Adware: yoursitebar
4:59 PM: HKU\S-1-5-21-3403482629-370423927-1386743413-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 693292)
4:59 PM: HKLM\software\yoursitebar\ (6 subtraces) (ID = 693300)
4:59 PM: Registry Sweep Complete, Elapsed Time:00:00:27
4:59 PM: Starting Cookie Sweep
4:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:59 PM: Starting File Sweep
5:00 PM: Found Adware: powerscan
5:00 PM: c:\start menu\programs\power scan (1 subtraces) (ID = 604331)
5:00 PM: Warning: Failed to read file "c:\documents and settings\waldorf ford\local settings\temp\perflib_perfdata_fd8.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
5:03 PM: Found Adware: apropos
5:03 PM: wingenerics.dll (ID = 580601)
5:05 PM: power scan.lnk (ID = 604322)
5:08 PM: File Sweep Complete, Elapsed Time: 00:08:16
5:08 PM: Full Sweep has completed. Elapsed time 00:10:54
5:08 PM: Traces Found: 12
5:10 PM: Removal process initiated
5:10 PM: Quarantining All Traces: yoursitebar
5:10 PM: Quarantining All Traces: powerscan
5:10 PM: Quarantining All Traces: apropos
5:10 PM: Removal process completed. Elapsed time 00:00:23
********
4:47 PM: |··· Start of Session, Friday, September 23, 2005 ···|
4:47 PM: Spy Sweeper started
4:56 PM: Your definitions are up to date.
4:57 PM: |··· End of Session, Friday, September 23, 2005 ···|
SPYSWEEPER LOG END

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

=====================================\\
=====================================//

QUESTION REGARDING INSTRUCTION #4:
4. Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch. It will open the folder Prefetch. Delete all the files in that folder. Don't delete the folder, only the files in it !!!!!!!!
>>> All files were ".pf" except one - Layout.ini (175Kb) Configuration settings. Should that have been deleted too? I _did_ delete it, but I first scanned it with Symantec for viruses & it passed; I then created a folder on a new floppy & saved it there (just in case), and then scanned the floppy again...and it cleared. Thought this best 'just in case', as I realized after running Cleanup it would be otherwise lost. Please advise.

&&&&&&

QUESTION REGARDING FUTURE MALWARE ACCESS PREVENTION:
Do you have knowledge of, and/or can make any recommendations about a realtime 'blocking' program called 'AROVAX SHIELD'??
I know they have had some past problems running with Win98, which they've just announced a fix for, but I'm running XP/SP2, which it's supposed to be for.

Here's some info I've just garnered:
AROVAX SHIELD INFO:
( http://forum.arovaxcompany.com/ )
___
Arovax Shield is a real time monitor and operates as an interceptor. Arovax Shield Detects and Notifies you about all the major online threats trying to penetrate your system, isolates & blocks them:
- Spyware & Adware
- Keystroke Loggers
- Trojan Horses

Your system Firewall, your Anti-Spyware software, your Antivirus are useless because they can not stop all these online threats from penetrating your PC - they can only try to clean them out when these infections are already on your PC.
====
Forum Notes:
Fm: Arovax
Reged: 08/22/05
Posts: 3
Re: Arovax Shield malware protection... [Re: Arovax]
#579263 - 08/29/05 06:09 PM

Dear friends.
We released Arovax Shield version 1.1.162
Latest version has pretty much fixes and additions, though the main one is that Arovax Shield now works with Win 9x and IE 6.x. Check it out:
http://forum.arovaxc...3&st=0

>>>>
Arovax Company announces release of Arovax Shield v. 1.1.162

Version 1.1.162 [August 29 2005]
* Fixed: "Windows 9x + IE 6.x crashing bug"
* New: "Added 'Restoring from system tray' feature if application was run twice or you try to start another session"
* New: "'Start automaticaly with Windows' option added to Settings->Application"
* New: "Multilingual support added to Application, language choice added to Settings->Application"
* New: "New beautiful layout for System Tray menu"

Arovax Shield™ is a brand new type of personal security solution that is unlike any firewall, anti-virus or spyware remover.
Rather than looking for spyware traces or tracking applications that secretly send or receive data over the internet, Arovax Shield blocks any attempt by malicious software to add entries to the auto-start menu, change the registry, hijack or install itself into a browser or find any other way to stealthy get itself onto a PC.

You can Download Arovax Shield for free from our Download page.
< http://arovaxshield.com/download.php >

-Arovax Press
29 August, 2005
press@arovaxcompany.com
**********************
That's all I have - other than a couple recommendations, one a system admin & tech. Do you think it'll do what it claims, & would you recommend a try?

Thanks yet again,
~Jay
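
Both scan logs in this thread name the same GUID under two different account hives: Ewido cleaned {86227D9C-...} under the SID ending -1008, and the later Spy Sweeper run reported it under the SID ending -1006. The Python below is an added example, not part of the original post or of either scanner; it re-joins the wrapped log entries and lists GUIDs reported under more than one account, and all function names in it are made up for the illustration.

```python
import re
from collections import defaultdict

# Excerpts of the two scan logs posted in this thread. Long entries are split
# across lines with blank lines between, the way a wrapped paste breaks them.
EWIDO_EXCERPT = r"""
HKU\S-1-5-21-3403482629-370423927-1386743413-1008

\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer

: Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008

\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar :

Cleaned with backup
HKU\S-1-5-21-3403482629-370423927-1386743413-1008

\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} -> Spyware.Zango : Cleaned

with backup
"""

SPYSWEEPER_EXCERPT = r"""
4:59 PM: Found Adware: yoursitebar
4:59 PM: HKU\S-1-5-21-3403482629-370423927-1386743413-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-

0efe-4f8a-aa55-30386a3f5686} (ID = 693292)
4:59 PM: HKLM\software\yoursitebar\ (6 subtraces) (ID = 693300)
"""

# An Ewido entry starts with a registry hive or a drive letter;
# a Spy Sweeper entry starts with a clock time.
EWIDO_START = re.compile(r"^(HK[A-Z]+\\|[A-Za-z]:\\)")
STAMP_START = re.compile(r"^\d{1,2}:\d{2} [AP]M: ")
HKU_RE = re.compile(r"HKU\\(S-1-5-21-[\d-]+)\\", re.I)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def glue(prev, frag):
    """Join a wrapped fragment: no space inside a path or GUID, one space otherwise."""
    if prev.endswith(("-", "\\")) or frag.startswith(("\\", "[")):
        return prev + frag
    return prev + " " + frag


def unwrap(text, is_start):
    """Re-join entries split across lines; is_start(line) marks a new entry."""
    entries = []
    for raw in text.splitlines():
        frag = raw.strip()
        if not frag:
            continue
        if entries and not is_start(frag):
            entries[-1] = glue(entries[-1], frag)
        else:
            entries.append(frag)
    return entries


def hku_traces(entries, scanner):
    """Yield (guid, rid, scanner) for per-user (HKU) registry hits that name a GUID."""
    for entry in entries:
        sid, guid = HKU_RE.search(entry), GUID_RE.search(entry)
        if sid and guid:
            rid = sid.group(1).rsplit("-", 1)[1]  # last SID component = account RID
            yield guid.group(0).lower(), rid, scanner


def guids_spanning_accounts(*trace_sets):
    """Return {guid: {rid: [scanner, ...]}} for GUIDs seen under more than one account."""
    seen = defaultdict(dict)
    for traces in trace_sets:
        for guid, rid, scanner in traces:
            seen[guid].setdefault(rid, []).append(scanner)
    return {g: rids for g, rids in seen.items() if len(rids) > 1}


def correlate():
    ewido = hku_traces(unwrap(EWIDO_EXCERPT, EWIDO_START.match), "ewido")
    sweeper = hku_traces(unwrap(SPYSWEEPER_EXCERPT, STAMP_START.match), "spysweeper")
    return guids_spanning_accounts(ewido, sweeper)


if __name__ == "__main__":
    for guid, rids in correlate().items():
        for rid, scanners in sorted(rids.items()):
            print(guid, "account RID", rid, "reported by", ", ".join(scanners))
```

A GUID that one scanner cleaned under one account and another scanner later reports under a second account is a sign that cleanup has to be repeated for each user profile on the machine.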


#26
tampabelle

Prefetch is like "Recent Documents" only it saves a few settings for easy accessibility and running of frequently used programs.

You can delete all the files in it (removes some of the traces of infections).

It gets regenerated over a period of time depending on which programs you are using frequently.


You can try Arovax but not me. I believe I have adequate protection.

How is your PC behaving now ???

#27
starhopper

" How is your PC behaving now ??? "

Hi TB;
Sorry to've taken so long to respond. Ever since the 'fix' it's been acting kinda hinky & been trying to nail it down. I still haven't got a clear picture on it but here's what's what to the best of my ability to find out.

On boot up, I still have the 'Log On Account' and the 'Users Account' which I always switch over to first thing after startup. Since this current problem, there has been occurring a 'hesitation' between screens while changing accounts. I have been seeing a brief screen 'flash' of some type, so brief I had not been able to identify a small window's content that had been appearing. It is a gray color, with a red 'top margin' bar...and pretty sure it's an error warning of some type. The best I have been able to determine after numerous times watching it, it says something to the effect of "COREACCT.??? FAILED TO INITIALIZE". When it has occurred, the screen changeover has been a bit 'strange'...like a hesitant 'jump'...and the Windows 'music' that plays is sort of 'abbreviated'. At times, also, when powering down something like this occurs, but the red-bar error message it shows, I have not as yet been able to determine, as it quickly disappears and after several seconds of normal 'powering down' activity, it shuts off.

But the most prevalent event that has been occurring, I believe is browser related. I have had multiple instances of a new, never-before-seen 'pop-under' screen. I can be browsing my normal 'rounds' of astronomy forum boards, for instance, and suddenly, usually after right-clicking a link to open a new window, the current window suddenly freezes. The cursor which changes from an arrow to a little 'pointer finger' remains also, ie doesn't change back to an arrow when removed from the link. The current page itself freezes up...cannot be closed nor minimized....and the only way I have of ending it is to go to another window I have open and clicking the 'x' to close it, at which instance ALL open browser windows close & I lose all work. The exception to this is when the window in which I click the link, is open at mid-size? (less than maximized). When this is the case I can click the 'x' and close other windows....and always, underneath one of them, there is this new 'black' window advising me "Spyware may be damaging my computer", and prompting me to click for a computer scan. It doesn't 'act right'...on mouseover there is no linked URL or action shown on the regular browser taskbar, and the 'OK' button is blinking. I have not clicked any part of it, not even the 'x' to close it, rather, closing it with Alt+f4. I have grabbed a screen-cap of this 'rogue' pop-under....it is attached here. As said, I have never seen this particular window prior to the latest 'infection' problem I had - and it's now popped up perhaps 15-20 times -- and I believe is an indication we haven't entirely cleaned everything of this infection.

Your thoughts?
Thanx!,
~Jay

Attached Thumbnails

  • spyware_warning_popup.jpg


#28
tampabelle

Regarding the first issue, I am a bit hesitant to do anything with your PC given the background of your PC.


Regarding the second, we have two options.

1) Repair IE.

Download IEsetup file from here - http://www.snapfiles.com/get/ie6.html

Run the setup file to reinstall IE.


2) The alternate browser I suggest is Firefox Mozilla Browser. Use it and let me know if you have any issues with it.



The pop-up you are getting seems to be a generic pop-up which results from ads on visiting specific websites. In any case, please visit Panda and do an online scan. Save the scan report and post it back here.

#29
starhopper

Hi again TB;
Re : "Regarding the first issue, I am bit hesitant to do anything with your PC given the background of your PC. "
>>> No problem...wasn't reporting as an issue; only as a reminder of my system's particular setup so as to establish full framework of/for when the odd activities were occurring.

+ + +
Re "Regarding the second, we have two options.
1) Repair IE.
Download IEsetup file from here - http://www.snapfiles.com/get/ie6.html
Run the setup file to reinstall IE.

2) alternate browser I suggest is Firefox Mozilla Browser. Use it and let me know if you have any issues with it.

>>> Actually, I'm basically planning on doing both. The snapfiles repair would be first choice also, but I'm gonna hold off until done with this current round -- I have a suspicion or two....I want to let something play out first, then re-look at this. Before I forget, thanks for the snapfiles fixer app - I had thought of trying to re-load IE but w/ your recommendation this might be better - & I appreciate it.

>>> Option 2 - Firefox : I've had some others make good recommendations about that browser, & I intend to try it. Two issues have been holding me off it. The first was that security 'hole' they found in it....was already waiting for the 'fix' to get some safe mileage on it before enlisting - and the second was that one of the main astronomy forums I hang out at, whatever script they've been using has had conflicts with several of our Firefox users - pages coming in scrambled to [bleep] - especially graphics. The forum webmasters are trying to get this resolved...and I want to see whether they're successful before jumping on the Firefox wagon myself. I'd estimate 50-60% of my entire web activities are at this particular site, so you can hopefully appreciate why I wouldn't want to 'mess that up' right yet.

The "suspicion or two" : some feedback I'm getting regarding certain issues I've been experiencing lately, strongly suggests possible removal of any newly installed hardware or software. Fact is, the only new thing I've installed, is the Spy Sweeper app! And some of the 'hinkiness' is occurring right around the time it's generating its bootup splashettes....reminders of time left in trial etc. So that kinda fits in with my suspicions too! There's also some funny stuff going on that makes me think SpySweeper is 'firewalling' some things pretty strongly too. One short example - something is keeping the 'Yahoo!' logo from loading on my home page! If I tell it to display that image file specifically, I'm getting a 'can't find page' message. Weird. But, what I've thought I might do, is just let the free trial play out, and see if the hiccups I've been seeing clear up. Only, if it just 'disables' itself but actually remains viable in the WinXP system (etc)...I realize there's a possibility the hiccups might continue. Anyway, that's kinda my plan....any advice there?

And for the record, another experience of the 'hinkiness' is - and this'n might blow your mind - on Tuesday(?) night I went to make my regular weekly virus/adware sweeps -- downloaded latest updates, sigs, etc., and let 'em rip. Ad-Aware SE crashed while downloading its updates....and Spybot S&D crashed twice while doing its scan, once while I was consulting its 'Help' file!! W E I R D!

(PS - Just now I came here to post this reply -- something is blocking your Tampa Belle 'signature banner' at the bottom of your last message -- it's only showing an empty white rectangle with the little red 'X' upper left corner. Has done same in many other instances; all, & only, since installing 'Spy Sweeper')

+ + +
"The pop-up you are getting seems to be generic pop-up which results from ads on visiting specific websites."

I kinda don't think so, as my surfing habits haven't changed from my pre-infection patterns, & I'm getting the same 'pop-under' from different sites, not specific, where it never showed up before (ie, non-associated with the particular websites.) 95+ % of my time on the web is in the Yahoo Astronomy forums (subscribe to approx a dozen, of which I'm on maybe 4 once or twice daily)..and another, independent Astronomy forum (Cloudy Nights), which I routinely visit 5 of their ~30 boards. About the only other places I frequent are the Yahoo home page for news, and a very few sites for astronomy data, when needed. And Yahoo is VERY sano when it comes to keeping their stuff attachment free....none of the forums even allow them.

It's just that, the ~way~ that black popup goes about opening, the when & where etc., and the things that happen that I'm recognizing, while it's opening under a browser window, I just KNOW it's happening....I carefully close the covering window & sure's shootin', there that booger is! Anyway, bottom line is, I sincerely don't think it's site related....but rather, something that's 'infested' the IE browser app itself. So, my next question:

I know how some of these 'boogers' can be pretty tenacious. I'm wondering if it might be better to completely remove IE, & then do a complete new install - as opposed to just running the snapfiles fix you mentioned? Or is the 'fix' something that's pretty thorough, & that would likely replace any malicious hangers-on?

+ + +
"In any case, please visit Panda and do an online scan. Save the scan report and post it back here"

>>> And here's the report from the Panda Activescan - only 1 item found:
Incident                       Status           Location
Adware:adware/block-checker    No disinfected   Windows Registry
--------\
Hoping you have a great weekend....please don't work on this stuff (for me)...and have yourself some well deserved time off! *L*
See ya next week?
Warmest regards,
~Jay

#30
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
The re-installation of IE will overwrite all files and settings for IE.

If you are worried about one security hole in Firefox, think about the 1000s reported for IE plus the rate at which new ones get discovered.


I use Firefox as my default browser. I only use IE, where Firefox doesn't work (because the website is not configured for it). Suggest that you can also do that.

You can uninstall Spy Sweeper. It is a trial product and the trial period will expire shortly.