Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Important need help for malware!!!


Post by steventhebol » November 18th, 2005, 3:09 am

Logfile of HijackThis v1.99.1
Scan saved at 2:12:44 AM, on 11/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\VB2.EXE
C:\WINDOWS\TEMP\GLB3224.TMP
C:\WINDOWS\SYSTEM\RLVKNLG.EXE
C:\PROGRAM FILES\SYSTEM FILES\SYSTEM.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\C3RLDMVUDGHLYM9S\COMMAND.EXE
C:\PROGRAM FILES\UTHM\AREA.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\WINDOWS\DESKTOP\IMPORTANT FOR SAFE COMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLEXPERT\DLL\IEHELPER.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [Command] C:\WINDOWS\c3RldmVudGhlYm9s\command.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE" "+b1"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [Uate] "C:\Program Files\uthm\area.exe" -vt yazr
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - http://zone.msn.com/bingame/zpagames/zp ... b36107.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\PROGRAM FILES\SYSTEM FILES\PLUGIN.DLL
steventhebol
Active Member
 
Posts: 9
Joined: November 18th, 2005, 2:56 am

Post by VopThis » November 19th, 2005, 10:14 am

Please download LSPFix from here http://cexx.org/LSPFix.exe .

If you cannot connect to the Internet after removing New.net (below), please run the LSP-Fix program, and click on the finish button. Reboot and you should be able to get back on.



Now, run the LSPFIX for a different matter:
  • Disconnect from the Internet and close all Internet Explorer and Explorer Windows.
  • Run the program.
  • On the opening screen, click the "I know what I'm doing" checkbox.
  • Check all instances of rlls.dll (and nothing else)
  • Move them to the "Remove" pane.
  • Then click Finish and OK.



NEWDOTNET Removal: Open the Control Panel’s Add/Remove Programs list and remove any found entries for:
‘New.net domains’ (B variant) such as NewDotNet,
‘FirstLook’ (FirstLook variant),
‘QuickSearch Toolbar’ (QuickSearch variant).




If the above options are unavailable or are ineffective, try looking in the Program Files\NewDotNet folder for an EXE uninstaller:
(* = any additional pattern of characters)
*Unins*.EXE; unins*.EXE; Unwise.EXE
(copy and use this exact keywords list in a file search of the relevant FOLDER, if needed)


If more than one uninstaller is present, try the installer with the highest version number in its name.


If an uninstaller is not listed, follow these instructions:
Click on the following link:
http://www.new.net/support/uninstall6_76.exe.
  • Download and save uninstall6_76.exe to Local Disc C
  • Click on Start.
  • Click on Run.
  • In the Open window type, C:\uninstall6_76.exe.
  • Click on the OK button.
  • After removal, you may be prompted to reboot. Please reboot if not prompted.




REBOOT.
Post a revised HJT log.
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada

Hijackthis log after removing newdot

Post by steventhebol » November 19th, 2005, 11:06 am

Logfile of HijackThis v1.99.1
Scan saved at 10:12:31 AM, on 11/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\C3RLDMVUDGHLYM9S\COMMAND.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\SYSTEM FILES\SYSTEM.EXE
C:\PROGRAM FILES\UTHM\AREA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPDARC.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\DESKTOP\IMPORTANT FOR SAFE COMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLEXPERT\DLL\IEHELPER.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [Command] C:\WINDOWS\c3RldmVudGhlYm9s\command.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [Uate] "C:\Program Files\uthm\area.exe" -vt yazr
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\RunServices: [Uate] "C:\Program Files\uthm\area.exe" -vt yazr
O4 - HKCU\..\RunServices: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - http://zone.msn.com/bingame/zpagames/zp ... b36107.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\PROGRAM FILES\SYSTEM FILES\PLUGIN.DLL
steventhebol
Active Member
 
Posts: 9
Joined: November 18th, 2005, 2:56 am

Post by VopThis » November 19th, 2005, 1:04 pm

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
  • Temporary Internet Files
  • Downloaded Program Files
  • Recycle Bin
  • Temporary Files
Click OK or Enter



Run the following online scans and post any available logs generated. You will need to use Internet Explorer with ActiveX enabled:

TrendMicro Housecall (Combo Scan)
http://housecall60.trendmicro.com/en/st ... sp?id=scan

Fix whatever it finds. REBOOT.


Panda Activescan, the online scan
http://www.pandasoftware.com/products/ActiveScan.htm



Take note of any FILES that couldn't be deleted. Post any undeletable items and any available LOGS back here (IMPORTANT FEEDBACK) AND go after such FILES yourself if you want (preferably in SAFE MODE - reboot tapping the F8 key) .

These scans will take more than an hour to complete, so make sure you have time to let them run all the way through.
(let us know if any files couldn't be deleted/cleaned.)


Reboot
Post a new HJT log with any detailed feedback from the scans.
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada

Post by steventhebol » November 19th, 2005, 9:47 pm

Unfortunately, the two online virus scanners that you sent to me couldn't work on my computer. For some reason, both ended up stopping on me in the middle of scanning. It happened 3 times with the trendmicro scan and also 3 times with the panda scan (which is weird because I've used the panda scan like a year before and it worked fine). Do you think I should use ad-aware sd personal as an alternative or is there another way to get the online scanners to work for me?
steventhebol
Active Member
 
Posts: 9
Joined: November 18th, 2005, 2:56 am

Post by VopThis » November 19th, 2005, 11:55 pm

Do you think I should use ad-aware sd personal as an alternative or is there another way to get the online scanners to work for me?

Yes, you should be running SpyBot and Ad-Aware as a first line of relief. However, most of the apparent remaining problems are likely beyond the scope of those two (2) tools.


Let's try manually removing any of the obvious stuff.


We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL

O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [VBOUNCERDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [COMMAND] C:\WINDOWS\c3RldmVudGhlYm9s\command.exe
O4 - HKLM\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [UATE] "C:\Program Files\uthm\area.exe" -vt yazr
O4 - HKCU\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\RunServices: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\RunServices: [UATE] "C:\Program Files\uthm\area.exe" -vt yazr
O4 - HKCU\..\RunServices: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\PROGRAM FILES\SYSTEM FILES\PLUGIN.DLL


Make sure that all browser windows and internet links are closed, even this one!
CLICK ‘FIX CHECKED’ with HijackThis.



HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:
C:\WINDOWS\SYSTEM\APD123.exe




DELETE APPLICATION FOLDERS
  1. Go to Add/Remove Programs
    In Control Panel>Add/Remove Programs look for any related entries for unwanted items listed below (or anything else you need to investigate or did not put in there).

  2. UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:

    UN*.EXE, *UN*.EXE

    This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.


-----> C:\Program Files\VBouncer
-----> C:\WINDOWS\c3RldmVudGhlYm9s
-----> C:\PROGRAM FILES\SURFSIDEKICK 3
-----> C:\PROGRAM FILES\SYSTEM FILES
-----> C:\Program Files\uthm





POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

Thereafter, re-try the scans that could not complete.
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada
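
Checking each revised HijackThis log against the previous one and against the fix list can be scripted. The following is an added example, not part of the thread or of HijackThis itself: the sample logs are short excerpts of lines from the logs posted in this thread, and the function names are hypothetical. It ignores letter case (the fix list above upper-cases entry names) and treats a trailing "(file missing)" as the same entry with its file already deleted.

```python
import re

# HijackThis item lines start with a section code such as R3, F1, O4 or O16.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

def parse_items(log_text):
    """Map (code, normalised detail) -> True if the line is flagged '(file missing)'."""
    items = {}
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, detail = m.groups()
        detail = re.sub(r"\s+", " ", detail).strip()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        # Case differs between log runs and hand-typed fix lists, so fold it.
        items[(code, detail.casefold())] = missing
    return items

def _sort_key(key):
    code, detail = key
    return (code[0], int(code[1:]), detail)

def diff_logs(old_text, new_text):
    """Entries that appeared or disappeared between two logs."""
    old, new = parse_items(old_text), parse_items(new_text)
    return {
        "added": sorted(new.keys() - old.keys(), key=_sort_key),
        "removed": sorted(old.keys() - new.keys(), key=_sort_key),
    }

def fix_status(fix_list_text, later_log_text):
    """For each entry selected for fixing, report what a later log shows."""
    later = parse_items(later_log_text)
    status = {}
    for key in parse_items(fix_list_text):
        if key not in later:
            status[key] = "gone"
        elif later[key]:
            status[key] = "entry remains, file missing"
        else:
            status[key] = "still present"
    return status

# Sample data: a few lines excerpted from the three logs in this thread.
LOG_NOV18 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\rlls.dll
"""

LOG_NOV19 = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
"""

LOG_NOV20 = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
"""

# Excerpt of the fix list from the post above (names upper-cased as posted).
FIX_LIST = r"""R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [VBOUNCERDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
"""

if __name__ == "__main__":
    changes = diff_logs(LOG_NOV18, LOG_NOV19)
    for kind in ("added", "removed"):
        for code, detail in changes[kind]:
            print(f"{kind:8} {code:4} {detail}")
    for (code, detail), state in fix_status(FIX_LIST, LOG_NOV20).items():
        print(f"{state:28} {code:4} {detail}")
```
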

It's getting there.

Post by steventhebol » November 20th, 2005, 4:45 am

Things are starting to run a bit smoother. My memory isn't getting run down as much, but I still suspect that there still might be some spyware/malware still lurking in the computer. (The Vbounce folder was the only one I couldn't find, and that was probably because I deleted it before I started posting in this forum, and I deleted the surfsidekick but it seems it may be still there.) I'll do the online scan a few hours from now since I need to get some sleep. Thx for the job so far and here is the hijack this log. (Edit: the surfsidekick is probably still active because I accidentally opened the .exe file in safe mode. I'll probably just have to repeat that step over based on your next instructions.)

Logfile of HijackThis v1.99.1
Scan saved at 3:50:02 AM, on 11/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\DESKTOP\IMPORTANT FOR SAFE COMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLEXPERT\DLL\IEHELPER.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
steventhebol
Active Member
 
Posts: 9
Joined: November 18th, 2005, 2:56 am

Unread postby VopThis » November 20th, 2005, 10:04 am

Fix the following lines again in HJT:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)

O4 - HKLM\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe




Add/Remove SURFSIDEKICK 3, again.
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada

New java problem discovered..

Unread postby steventhebol » November 20th, 2005, 12:21 pm

Ok. I think the surfsidekick3 thing may finally be gone, but now I have another problem. After deleting all of the files that you instructed me to delete, I tried going to one of the online scan programs that you suggested that I go to. When I attempted to set up the scanner I realized that my Java buttons online weren't working (which is weird since they were working before). I kept trying to press the "scan now" Java button, but nothing would happen. This also happened on the Panda scan site and when I attempted to install AOL's Norton antivirus program. Do you think that one of the files that were deleted may have corrupted the Java?

Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:37 AM, on 11/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\DESKTOP\IMPORTANT FOR SAFE COMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLEXPERT\DLL\IEHELPER.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
steventhebol
Active Member
 
Posts: 9
Joined: November 18th, 2005, 2:56 am
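
Whether the requested fix took is answered by comparing the two HijackThis logs entry by entry. The sketch below is an added example, not part of the original thread and not a HijackThis feature; the function names are hypothetical, and the sample logs are short excerpts constructed from lines quoted in the posts above.

```python
import re

# A HijackThis entry line: section code (R3, O4, O16, ...), " - ", then the entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE_MISSING = "(file missing)"


def normalise(body):
    """Comparison key for one entry. Windows paths and value names are
    case-insensitive, and HijackThis appends '(file missing)' when the
    target is no longer on disk, so neither may affect matching."""
    body = body.strip()
    if body.lower().endswith(FILE_MISSING):
        body = body[: -len(FILE_MISSING)]
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Map (section, normalised body) -> original line. The header, the
    'Running processes' list and any other non-entry line are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), normalise(m.group(2)))] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the earlier log and
    entries only in the later log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def still_present(fix_lines_text, log_text):
    """Entries from the helper's 'fix these lines' list that the given
    log still contains, reported as they appear in that log."""
    log = parse_entries(log_text)
    return sorted(log[k] for k in parse_entries(fix_lines_text) if k in log)


# Constructed excerpt of the earlier log (the R3 line is taken from the
# helper's reply, the O4 lines from the 18 November log).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
"""

# Constructed excerpt of the 20 November log.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
"""

# The lines the helper asked to have fixed, as written in the reply
# (note the different capitalisation of the value name).
FIX_LINES = r"""R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O4 - HKLM\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [SURFSIDEKICK 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    leftovers = still_present(FIX_LINES, AFTER)
    print("fix list cleared" if not leftovers else f"still present: {leftovers}")
```

Entries that appear under "added" between two scans deserve the same scrutiny as the ones being removed, since a reinstalling component shows up there first.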

Unread postby VopThis » November 20th, 2005, 1:02 pm

Both online scan tools are based upon ActiveX controls (and not Java).

Please test whether ActiveX is enabled on your system:
http://www.pcpitstop.com/testax.asp


Something may be BLOCKING ActiveX or other scripting: These tools require scripting in order to run properly.

Try disabling any blocking applications such as popup blockers. Potentially the Norton ADVANCED TOOLS CHECK may be causing interference. Or consider investigating DLExpert or Star Downloader as potential problem sources.

Check: Tools>Internet Options>Security>(Internet icon)>Custom Level:
ActiveX controls and plug-ins:
'Download signed ActiveX controls' --------------------------> PROMPT
'Run ActiveX controls and plug-ins' --------------------------> PROMPT or ENABLE
'Script ActiveX controls marked safe for scripting' -----------> PROMPT or ENABLE


Also,
Check: Tools>Internet Options>Advanced>(TAB)>SECURITY topic area:
Security:
‘Allow active content to run in My Computer’ ---------------> ENABLE (check)



If still no joy, or in addition if you want:


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
http://www.webroot.com/downloads/
(Please note that SpySweeper is a little sluggish to load and exit in Win9X/Me. Be patient and it should run fine on your PC.)

  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.



Post the SpySweeper session log here along with a fresh HiJackThis log.
VopThis
Regular Member
 
Posts: 203
Joined: August 1st, 2005, 1:43 am
Location: Halifax, Nova Scotia, Canada

Unread postby steventhebol » November 20th, 2005, 4:09 pm

Here is the SpySweeper log...

********
2:33 PM: | Start of Session, Sunday, November 20, 2005 |
2:33 PM: Spy Sweeper started
2:33 PM: Sweep initiated using definitions version 574
2:33 PM: Starting Memory Sweep
2:39 PM: Memory Sweep Complete, Elapsed Time: 00:05:54
2:39 PM: Starting Registry Sweep
2:39 PM: Found Adware: apropos
2:39 PM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
2:39 PM: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729)
2:39 PM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
2:39 PM: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767)
2:39 PM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
2:40 PM: Found Adware: cws-aboutblank
2:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\searchassistant uninstall\ (2 subtraces) (ID = 116768)
2:40 PM: Found Adware: dealhelper
2:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
2:40 PM: Found Adware: instant access
2:40 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system/egdial.dll\ (2 subtraces) (ID = 128797)
2:40 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system\egdial.dll (ID = 128831)
2:40 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system\ia.dll (ID = 128832)
2:41 PM: Found Adware: powerscan
2:41 PM: HKLM\software\powerscan\ (ID = 136824)
2:41 PM: Found Adware: purityscan
2:41 PM: HKLM\software\clickspring\ (2 subtraces) (ID = 137699)
2:41 PM: Found Adware: surfsidekick
2:41 PM: HKU\.default\software\surfsidekick3\ (3 subtraces) (ID = 143387)
2:41 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
2:41 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
2:41 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
2:41 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
2:41 PM: Found Adware: ist yoursitebar
2:41 PM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (11 subtraces) (ID = 147829)
2:41 PM: HKCR\interface\{90ce74cc-788a-4a00-b38d-cbca08cc9e8f}\ (8 subtraces) (ID = 147833)
2:41 PM: HKLM\software\classes\interface\{90ce74cc-788a-4a00-b38d-cbca08cc9e8f}\ (8 subtraces) (ID = 147839)
2:41 PM: HKLM\software\classes\typelib\{cc257918-f435-4a33-8231-2b8195990cca}\ (9 subtraces) (ID = 147843)
2:41 PM: HKLM\software\classes\ysbactivex.installer.1\ (3 subtraces) (ID = 147848)
2:41 PM: HKLM\software\classes\ysbactivex.installer\ (5 subtraces) (ID = 147849)
2:41 PM: Found Adware: ist software
2:41 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
2:41 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
2:41 PM: HKLM\software\yoursitebar\ (14 subtraces) (ID = 147860)
2:41 PM: HKCR\typelib\{cc257918-f435-4a33-8231-2b8195990cca}\ (9 subtraces) (ID = 147862)
2:41 PM: HKCR\ysbactivex.installer.1\ (3 subtraces) (ID = 147867)
2:41 PM: HKCR\ysbactivex.installer.1\clsid\ (1 subtraces) (ID = 147868)
2:41 PM: HKCR\ysbactivex.installer\ (5 subtraces) (ID = 147869)
2:41 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
2:41 PM: Found Adware: command
2:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
2:41 PM: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (11 subtraces) (ID = 920458)
2:41 PM: Found Adware: whenu searchbar/pricebandit
2:41 PM: HKCR\applications\whse.exe\ (3 subtraces) (ID = 999727)
2:41 PM: HKLM\software\classes\applications\whse.exe\ (3 subtraces) (ID = 999741)
2:42 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
2:42 PM: Found Adware: ist sidefind
2:42 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
2:42 PM: HKU\.DEFAULT\software\surfsidekick3\ (3 subtraces) (ID = 143412)
2:42 PM: Found Trojan Horse: trojan-downloader-pacisoft
2:42 PM: HKU\.DEFAULT\software\apd123\ (10 subtraces) (ID = 861435)
2:42 PM: Found Adware: showbehind
2:42 PM: HKU\.DEFAULT\software\showbehind\ (ID = 980567)
2:42 PM: Registry Sweep Complete, Elapsed Time:00:02:30
2:42 PM: Starting Cookie Sweep
2:42 PM: Found Spy Cookie: atwola cookie
2:42 PM: steventhebol@atwola[1].txt (ID = 2255)
2:42 PM: Found Spy Cookie: 2o7.net cookie
2:42 PM: steventhebol@msnportal.112.2o7[1].txt (ID = 1958)
2:42 PM: steventhebol@2o7[1].txt (ID = 1957)
2:42 PM: Found Spy Cookie: maxserving cookie
2:42 PM: steventhebol@maxserving[1].txt (ID = 2966)
2:42 PM: Found Spy Cookie: trafficmp cookie
2:42 PM: steventhebol@trafficmp[2].txt (ID = 3581)
2:42 PM: Found Spy Cookie: yieldmanager cookie
2:42 PM: steventhebol@ad.yieldmanager[1].txt (ID = 3751)
2:42 PM: Found Spy Cookie: cc214142 cookie
2:42 PM: steventhebol@ads.cc214142[2].txt (ID = 2367)
2:42 PM: Found Spy Cookie: tribalfusion cookie
2:42 PM: steventhebol@tribalfusion[1].txt (ID = 3589)
2:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:42 PM: Starting File Sweep
2:42 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
2:42 PM: Found Adware: bookedspace
2:42 PM: bxxs5.dll (ID = 51656)
2:42 PM: bsx32.ini (ID = 51653)
2:42 PM: atmtd.dll (ID = 166754)
2:42 PM: atmtd.dll._ (ID = 166754)
2:43 PM: Found Adware: sexfiles dialers
2:43 PM: dating.lnk (ID = 75396)
2:44 PM: Found Adware: wurldmedia
2:44 PM: moconfig.exe (ID = 90743)
2:44 PM: ia.dll (ID = 63845)
2:44 PM: ssk3.exe (ID = 115260)
2:44 PM: Found Adware: isearch toolbar
2:44 PM: mte2odm6odoxng.exe (ID = 145831)
2:44 PM: Found Adware: marketscore
2:44 PM: rlls.dll (ID = 159066)
2:44 PM: rk.bin (ID = 159065)
2:44 PM: rlvknlg.exe (ID = 159065)
2:44 PM: Found Adware: ezula ilookup
2:44 PM: fran-hot.exe (ID = 180418)
2:44 PM: Found Adware: virtualbouncer
2:44 PM: vb2.exe (ID = 164842)
2:44 PM: Found Trojan Horse: 2nd-thought
2:44 PM: c:\windows\system\newmsrdk (1 subtraces) (ID = -2147481534)
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\style.lst". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\main.idx". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\sysnews.lst". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\toolbar.lst". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\apps.lst". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\idb\spool.lst". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\organize\steventhebol1". The process cannot access the file because it is being used by another process
2:45 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0a\organize\cache\steventhebo00". The process cannot access the file because it is being used by another process
2:45 PM: c:\windows\all users\application data\vbouncer (ID = -2147480091)
2:45 PM: sskknwrd.dll (ID = 77733)
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs11114193-5aa4-45da-a60e-70b89a426703.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs730f20cf-cdb3-4d65-8f2d-95ef30636c33.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd1d4414b-8bda-43d9-89bd-9ec41acfc8d8.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse44803c8-5a51-4bfa-8782-94d50f70e7cc.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb9b2a48d-c4cd-4d86-a0cc-4728832b94a1.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8a224e0c-bb1a-4a93-8c7c-28c8b481dac0.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs18c74cf8-7689-443d-a7d5-5d7fc82fb748.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1724a3a0-d343-4b58-8af4-7eb3e0f8f480.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsed1db461-c048-4691-ad24-f7d409bba045.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6e23c905-148a-4306-a532-8d881761b45b.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsad980a3b-dd95-4a55-9a1e-c3102232ef9c.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs06b1dfbf-e9a1-4f76-80ba-2439bb74cd5f.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd675a83f-853f-4194-a057-b19bc4eb0c0c.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdff1fa35-9833-4b7b-9f1b-57abd7991a98.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64eab38e-f9a2-4f6c-91be-bf199116d41a.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsadde1608-b4f1-424c-969a-1dcd91534295.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse6c43a4c-2674-422b-bc87-11c463c97f10.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs22c072e7-329b-4dad-bfca-83b5538da0de.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1d4c76d4-5b0d-4d9d-a697-41d4ab0ed4ea.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfedb774d-9939-4cbb-a572-ba7dc72f109f.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5e60c3ae-0cbb-4d1b-8ffb-e11ab3024542.tmp". The process cannot access the file because it is being used by another process
2:46 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf6122061-54d5-49b3-a2e9-79935aabd6f1.tmp". The process cannot access the file because it is being used by another process
2:47 PM: backup-20050227-113148-501.dll (ID = 50077)
2:48 PM: Found Adware: browseraid
2:48 PM: mcasupd.inf (ID = 51928)
2:48 PM: ysbactivex.dll (ID = 91028)
2:48 PM: ysbactivex.inf (ID = 91033)
2:48 PM: Found Adware: casinopalazzo
2:48 PM: on-line.exe (ID = 52315)
2:49 PM: Found Adware: whenu
2:49 PM: c:\program files\common files\whenu (1 subtraces) (ID = -2147480379)
2:49 PM: wmplayer.exe (ID = 179183)
2:53 PM: Found Adware: bonzi buddy
2:53 PM: bonzi.exe (ID = 51609)
2:53 PM: Found Adware: whenu savenow
2:53 PM: c:\program files\save (ID = -2147480378)
2:54 PM: c:\program files\cxtpls (18 subtraces) (ID = -2147481418)
2:54 PM: wingenerics.dll (ID = 50187)
2:54 PM: ace.dll (ID = 50008)
2:54 PM: cxtpls.dll (ID = 50077)
2:54 PM: cxtpls.exe (ID = 50092)
2:54 PM: proxystub.dll (ID = 50140)
2:54 PM: uninstaller.exe (ID = 50174)
2:54 PM: proxystub.dll (ID = 50140)
2:54 PM: Found Adware: webrebates
2:54 PM: c:\program files\web_rebates (52 subtraces) (ID = -2147480050)
2:54 PM: 00001118.php (ID = 63853)
2:54 PM: 00001126.exe (ID = 90744)
2:54 PM: 00001133.inf (ID = 63846)
2:54 PM: windows media player.lnk (ID = 179183)
2:54 PM: windows media player.lnk (ID = 179183)
2:54 PM: windows media player.lnk (ID = 179183)
2:54 PM: windows media player.lnk (ID = 179183)
2:54 PM: windows media player.lnk (ID = 179183)
2:54 PM: File Sweep Complete, Elapsed Time: 00:12:37
2:54 PM: Full Sweep has completed. Elapsed time 00:21:06
2:54 PM: Traces Found: 326
3:06 PM: Removal process initiated
3:06 PM: Quarantining All Traces: 2nd-thought
3:06 PM: Quarantining All Traces: cws-aboutblank
3:06 PM: Quarantining All Traces: purityscan
3:06 PM: Quarantining All Traces: surfsidekick
3:07 PM: Quarantining All Traces: apropos
3:07 PM: Quarantining All Traces: bonzi buddy
3:07 PM: Quarantining All Traces: marketscore
3:07 PM: Quarantining All Traces: trojan-downloader-pacisoft
3:07 PM: Quarantining All Traces: bookedspace
3:07 PM: Quarantining All Traces: browseraid
3:07 PM: Quarantining All Traces: casinopalazzo
3:07 PM: Quarantining All Traces: command
3:07 PM: Quarantining All Traces: dealhelper
3:07 PM: Quarantining All Traces: ezula ilookup
3:07 PM: Quarantining All Traces: instant access
3:07 PM: Quarantining All Traces: isearch toolbar
3:07 PM: Quarantining All Traces: ist sidefind
3:07 PM: Quarantining All Traces: ist software
3:07 PM: Quarantining All Traces: ist yoursitebar
3:07 PM: Quarantining All Traces: powerscan
3:07 PM: Quarantining All Traces: sexfiles dialers
3:07 PM: Quarantining All Traces: showbehind
3:07 PM: Quarantining All Traces: virtualbouncer
3:08 PM: Quarantining All Traces: webrebates
3:08 PM: Quarantining All Traces: whenu savenow
3:08 PM: Quarantining All Traces: whenu searchbar/pricebandit
3:08 PM: Quarantining All Traces: whenu
3:08 PM: Quarantining All Traces: wurldmedia
3:08 PM: Quarantining All Traces: 2o7.net cookie
3:08 PM: Quarantining All Traces: atwola cookie
3:08 PM: Quarantining All Traces: cc214142 cookie
3:08 PM: Quarantining All Traces: maxserving cookie
3:08 PM: Quarantining All Traces: trafficmp cookie
3:08 PM: Quarantining All Traces: tribalfusion cookie
3:08 PM: Quarantining All Traces: yieldmanager cookie
3:08 PM: Removal process completed. Elapsed time 00:01:29
********
2:14 PM: | Start of Session, Sunday, November 20, 2005 |
2:14 PM: Spy Sweeper started
2:15 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
2:26 PM: Updating spyware definitions
2:32 PM: Your spyware definitions have been updated.
2:33 PM: | End of Session, Sunday, November 20, 2005 |


And here is the hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 3:15:08 PM, on 11/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\DESKTOP\IMPORTANT FOR SAFE COMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLEXPERT\DLL\IEHELPER.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Unread postby VopThis » November 20th, 2005, 8:04 pm

Fix the following additional item in HJT:

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
REFERENCE: http://www.blogtext.org/andy/article/147.html



Did you resolve your ActiveX question - what did pcpitstop tell you on that? It is likely that your 'AOL SPYWARE PROTECTION' is interfering with your online scans. Find out from AOL how to temporarily disable that application if you wish to pursue your online scanning issues.

How is your PC now doing? Please describe any continuing issues, if any are still present.

Unread postby steventhebol » November 20th, 2005, 8:43 pm

Pcpitstop told me I had the ActiveX installed on my computer (it showed the correct time when I went through the ActiveX test on there). I'll definitely have to check out the problem on AOL with it since this has never happened before.

As for the computer it's running very smoothly now. Before all of the malware/spyware deleting process started, I kept getting error messages that said my computer was running low on resources even though I would only have like two or three programs up (which usually don't take up much memory). Now things are much better in that department and the computer appears to be faster than before. Thanks for all of your help man. Really appreciate it.

Unread postby NonSuch » November 30th, 2005, 8:14 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.