Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora problem [RESOLVED]


  • This topic is locked This topic is locked

#1
rochdale white

rochdale white

    Member

  • Member
  • PipPip
  • 11 posts
Hi. not very good with computers so all help would be appreciated on this problem!

Here is my hijack log. my problem seems to be with Aurora Network or something or other! thanks for your help :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 22:41:41, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\tcpcheck.exe
c:\windows\system32\ckeghf.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\udpcheck.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\AOL Companion\companion.exe
C:\DOCUME~1\Blair\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.pas...uth.srf?lc=1033
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {38263BD8-A3DC-4C4E-BE3F-F64B7AA7E8CF} - C:\WINDOWS\zffx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [vwkrpa] c:\windows\system32\ckeghf.exe
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B828DD5-9BAA-4842-BA04-BCF13BFC9F8E}: NameServer = 205.188.146.145
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Brought to you by the Bandwidth Bandits - C:\WINDOWS\SYSTEM32\tcpcheck.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi rochdale white and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates Do NOT run a scan yet. (if you already have, please just update)

Please download Nailfix from Here
please do NOT run it yet.

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Once in Safe Mode, please double-click on
Nailfix.exe on your desktop. Click next, then finished. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {38263BD8-A3DC-4C4E-BE3F-F64B7AA7E8CF} - C:\WINDOWS\zffx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [vwkrpa] c:\windows\system32\ckeghf.exe
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


9. click the Fix Checked box

10. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

MyWay
WebSavingsfromEbates


11. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\MyWay
C:\Program Files\TheSearchAccelerator
C:\Program Files\WebSavingsfromEbates


12. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\tcpcheck.exe
c:\windows\system32\ckeghf.exe
C:\WINDOWS\ARUpdate.exe


13. Run the program CleanUp!

14. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

15. Please post an Active scan log , Ewido Scan log and a fresh HiJackThis log. Let me know how
  • 0

#3
rochdale white

rochdale white

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:01:35, 10/09/2005
+ Report-Checksum: 1ACDB81B

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\LocalFiles -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\r0td1JbSILPJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\r0tr1JbSILPJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AdRoar.Band -> Spyware.CPR : Cleaned with backup
HKLM\SOFTWARE\Classes\AdRoar.Band\CLSID -> Spyware.CPR : Cleaned with backup
HKLM\SOFTWARE\Classes\AdRoar.Band\CurVer -> Spyware.CPR : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO\CLSID -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.IncrediFindBHO\CurVer -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47E42EA5-AF8C-4D78-9937-AA40354B3018} -> Spyware.RoingsSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5D60FF48-95BE-4956-B4C6-6BB168A70310} -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} -> Spyware.AdRoar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{94984402-B480-45C7-AD2D-84E5EB52CFCD} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9F61CFDF-5C79-4D35-B4DA-766B28367223} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AD29366C-63AA-4FF3-944F-91AD7193BCA2} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BD6F129A-08DB-4CC5-A75A-F2AB79E55B6E} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E832FFDE-8ED2-47B7-BE50-729A238040A0} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\jimmyhelp.CBrowserHelper -> Spyware.RoingsSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\jimmyhelp.CBrowserHelper\Clsid -> Spyware.RoingsSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PynixDll.PynixDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\PynixDll.PynixDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\PynixDll.PynixDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{78A163D2-2358-464D-807B-0E2A078C7727} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{ACE8D3BA-7742-44C4-920D-FD25BD1E8245} -> Spyware.AdRoar : Cleaned with backup
HKLM\SOFTWARE\Dvx -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\IncrediFind -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\HomePage -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310} -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} -> Spyware.AdRoar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA Software Installer -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Software Installer -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\saap -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAST -> Spyware.BroadCastPC : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WCPR -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey -> Spyware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\saap -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies\Data -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies\Data\net -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies\Data\net\contextplus -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies\Data\net\contextplus\adchannel.contextplus.net/services -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Apropos\Client\Cookies\Data\net\contextplus\adchannel.contextplus.net/services/AdChannelServer -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\Web Savings -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D60FF48-95BE-4956-B4C6-6BB168A70310} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} -> Spyware.AdRoar : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\pynix -> Spyware.MediaMotor : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\saap -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1060284298-606747145-725345543-1004\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.f : Cleaned with backup
C:\WINDOWS\system32\temp.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\udpcheck.exe -> Backdoor.VBbot.a : Cleaned with backup
C:\WINDOWS\system32\qwzsjde.exe -> Trojan.Agent.cp : Cleaned with backup
C:\WINDOWS\system32\tcpcheck.exe -> Backdoor.VBbot.a : Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\eventcls.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\system32\exprxy.exe -> TrojanDownloader.Apropo.aa : Cleaned with backup
C:\WINDOWS\system32\ap9h4qmo.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\system32\q17i9a4j.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\qh4mkbv9.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\Altnet\bdedownloader.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dman25.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdata.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab/Points Manager.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Error during cleaning
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\setup.exe -> Trojan.LowZones.an : Cleaned with backup
C:\WINDOWS\180ax.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\zffx.dll -> TrojanDownloader.Lemmy.u : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\mm63.ocx -> TrojanDownloader.VB.ez : Cleaned with backup
C:\WINDOWS\ixcl.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\webhdll.dll_tobedeleted -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
C:\WINDOWS\jcnpvmk.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\axasxmr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\opera.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\gga.exe -> Trojan.LowZones.an : Cleaned with backup
C:\WINDOWS\cdwyyuvfb.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\180axhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg : Cleaned with backup
C:\WINDOWS\70tovmto.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\whCC-MOTOR.exe/WhAgent.exe -> Spyware.WebHancer : Error during cleaning
C:\WINDOWS\sixtypopsix.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\jdwbaw.exe -> TrojanDownloader.IstBar.hh : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\Cookies\blair@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\Cookies\blair@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\Cookies\blair@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\Cookies\blair@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\Cookies\blair@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THIC12.tmp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THIC12.tmp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THIC12.tmp\twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THIC12.tmp\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THIEA9.tmp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THIEA9.tmp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THIEA9.tmp\twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THIEA9.tmp\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THI199.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI199.tmp\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.eo : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THI376.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI376.tmp\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\fahKpYM.exe -> Worm.Mytob.i : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THI3595.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI3595.tmp\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\DrTemp\thin-143-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\DrTemp\INTLRECO.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THI108B.tmp\pynix.cab/Pynix.dll -> Spyware.DlMax : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI108B.tmp\pynix.cab/spike.exe -> Trojan.Agent.cb : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI108B.tmp\Pynix.dll -> Spyware.DlMax : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\THI1A55.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Error during cleaning
C:\Documents and Settings\Blair\Local Settings\Temp\THI1A55.tmp\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\auf0.exe -> TrojanDownloader.Apropos.s : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\180sainstaller.exe -> Spyware.180Solutions.b : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\remove.exe -> TrojanDownloader.Keenval.f : Cleaned with backup
C:\Documents and Settings\Blair\Local Settings\Temp\WVE\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Blair\My Documents\Old Files\My Documents\jose!.pif -> Worm.Kelvir.a : Cleaned with backup
C:\Documents and Settings\Blair\Desktop\Old Files\My Documents\jose!.pif -> Worm.Kelvir.a : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@webpdp.gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@ehg-bskyb.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adtech[3].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www.casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www6.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www7.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@ads.specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@gator[2].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@casinodelrio[1].txt -> Spyware.Cookie.Casinodelrio : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www8.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@a.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@questionmarket[3].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@112.2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@bluestreak[3].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@bs.serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@fastclick[3].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@a.tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tradedoubler[4].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@questionmarket[5].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@adtech[4].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@www1.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@e-2dj6wfmyokdjagp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Blair\Cookies\blair@as-us.falkag[3].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Media Access\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\2.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Toolbar\xlmurin.wzg -> Spyware.IBIS : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe -> Spyware.HelpExpress : Cleaned with backup
C:\Program Files\whInstall\WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.exe -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\whInstall\WhSurvey.exe -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\whInstall\Webhdll.dll -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\whInstall\whiehlpr.dll -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\WebRebates\WebRebates.exe -> Spyware.HelpExpress : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\180search Assistant\saap.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180search Assistant\saaphook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Spyware.UCmore : Cleaned with backup
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Spyware.UCmore : Cleaned with backup
C:\Program Files\CxtPls\ace.dll -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\CxtPls.dll -> TrojanDownloader.Apropo.w : Cleaned with backup
C:\Program Files\CxtPls\CxtPls.exe -> TrojanDownloader.Apropo.r : Cleaned with backup
C:\Program Files\CxtPls\WinGenerics.dll -> Spyware.AproposMedia : Cleaned with backup
C:\super.exe -> Trojan.LowZones.an : Cleaned with backup
C:\anaa.exe -> Trojan.LowZones.an : Cleaned with backup
C:\setup.exe -> TrojanDropper.Agent.gk : Cleaned with backup
C:\rt.exe -> TrojanDownloader.Small.aoi : Cleaned with backup
C:\stealme.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\tek9.exe -> Trojan.Hmxb : Cleaned with backup
C:\roe.exe -> Trojan.LowZones.an : Cleaned with backup
C:\msn.exe -> Trojan.LowZones.an : Cleaned with backup
C:\icqa.exe -> Trojan.LowZones.an : Cleaned with backup


::Report End



----------------------------------------------------------------------------------




Logfile of HijackThis v1.99.1
Scan saved at 00:30:44, on 10/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Blair\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.pas...uth.srf?lc=1033
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B828DD5-9BAA-4842-BA04-BCF13BFC9F8E}: NameServer = 205.188.146.145
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--------------------------------------------------------------------------------------

i didnt know how to post an active scan thing! :tazz:
but from what i could tell nothing was found eg viruses suspect files!
does this all amke sense???
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
wow, that cleaned up very nicely!! Hows everything running>?

:tazz:

Excal
  • 0

#5
rochdale white

rochdale white

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
everything is going great!!!! no problems at all and thanks for all your help!

RW :) :tazz:
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

I recommend that you Defrag your computer before setting your Restore points:

Go to start>all programs>accessories>system tools>Disk Defragmentor Make sure it set to the proper drive (default should be your main driver) and click on defragment


Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#7
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP