Okay, I did everything as told and here are the results:
Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 17:09:46, 1.12.2005
+ Report-Checksum: 3C9C0AA
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{5596A501-9A62-4964-994A-1A50B5B2F33F}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{55A6D014-7ED9-4D5F-9667-67153C1E8DCB}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{572AC135-B81F-4578-85ED-2B263BDAC66C}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D81C8764-576C-4901-ACCB-3F49122DB1D3}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm20.ocx\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm20.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/roing17.ocx\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/roing17.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKU\S-1-5-21-842925246-2049760794-725345543-1006\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-842925246-2049760794-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
:mozilla.10:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.23:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.24:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.25:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.26:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.38:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.39:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.40:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.41:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.42:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.47:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.51:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.55:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.101:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.103:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.111:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.115:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.119:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.122:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.123:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.124:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.125:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.126:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.127:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.128:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.136:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.153:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.154:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.158:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.160:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.170:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.171:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.172:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.174:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.196:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with backup
:mozilla.208:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.209:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.254:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.292:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.293:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.294:C:\Documents and Settings\elmeri\Application Data\Mozilla\Firefox\Profiles\bzdzaumg.Jesse\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\casicon.0xe/icon.exe -> Trojan.VB.ot : Cleaned with backup
C:\WINDOWS\prelimhanse.exe -> Spyware.WebHancer : Cleaned with backup
L:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs -> Trojan.Qhost.ew : Cleaned with backup
::Report End
Panda log:
Incident Status Location
Adware:adware/clickalchemy Not desinfected C:\WINDOWS\alchem.ini
Adware:adware/twain-tech Not desinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/adclicker Not desinfected C:\WINDOWS\usta32.ini
Adware:adware/maxifiles Not desinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/p2pnetworking Not desinfected Windows Registry
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7c-17694dc2.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7f-45ce33a1.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-7246cbb6.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-1551efd4.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-23db0402.zip[InstallerApplet.class]
Adware:Adware/Maxifiles Not desinfected C:\Program Files\Common Files\InetGet\mc-58-12-0000080.exe
Adware:Adware/Maxifiles Not desinfected C:\Program Files\Common Files\Windows\mc-58-12-0000080.exe
Antispyware log:
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\P2P Networking\Clients'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\ssprint'
Found 'Location' in 'SOFTWARE\Magnet'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found 'iebar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Common Files\SearchUpgrader'
Found '' in 'C:\Program Files\whInstall'
Found 'alchem.inf' in 'C:\WINDOWS\inf'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Common Files\SearchUpgrader' in shortcut areas.
Checking for 'C:\Program Files\Common Files\SearchUpgrader' in startup areas.
Cleaning 'C:\Program Files\Common Files\SearchUpgrader'
Checking for 'C:\Program Files\Common Files\SearchUpgrader\client.cfg' in shortcut areas.
Checking for 'C:\Program Files\Common Files\SearchUpgrader\client.cfg' in startup areas.
Cleaning 'C:\Program Files\Common Files\SearchUpgrader\client.cfg'
Checking for 'C:\Program Files\Common Files\SearchUpgrader\system.cfg' in shortcut areas.
Checking for 'C:\Program Files\Common Files\SearchUpgrader\system.cfg' in startup areas.
Cleaning 'C:\Program Files\Common Files\SearchUpgrader\system.cfg'
Checking for 'C:\Program Files\whInstall' in shortcut areas.
Checking for 'C:\Program Files\whInstall' in startup areas.
Cleaning 'C:\Program Files\whInstall'
Checking for 'C:\WINDOWS\inf\alchem.inf' in shortcut areas.
Checking for 'C:\WINDOWS\inf\alchem.inf' in startup areas.
Cleaning 'C:\WINDOWS\inf\alchem.inf'
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
And last the HijackThis! log:
Logfile of HijackThis v1.99.1
Scan saved at 19:13:39, on 1.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Jesse\HijackThis!\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saunalahti.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kiuruvedenop.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8000;https=127.0.0.1:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [ATIPRB] C:\ATI-CPanel\atiprbxx.exe /g
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)
O12 - Plugin for .r: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
So there you have it. There was so much spyware and other stuff to clean!
Is everything now under control?