Tech Support Forum - View Single Post - Multiple pop-ups on multiple user system

stretched · 01-12-2006, 07:52 PM

OK, problems I had:

Removed McAfee, downloaded AVG, could not install it, during the install process it gave an error on a file, not sure what the trouble was.

After running everthing you said to run in safe mode, you told me to search for some programs, computer froze on search.

Had to reboot in safemode again, ran hijack this again and verified that the items previously removed by it in safemode were still not there. Then I seached for the dll files, and that other one, were not found, and I still have show hidden files checked and hide protected operating system, files unchecked.

Then I started in normal and did the rest as you said. So those were the only problems.

And the answer to: "How is it now" is got a couple of popups from the same as usual during all of this, and when getting on again now, after everything, so far one popup.

But I just came here did not surf for encounters. All the logs below:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:16:11 PM, 1/12/2006
+ Report-Checksum: 5C9C9D21

+ Scan result:

HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Downloads -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Files -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Install -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\PlugIns -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Server -> Spyware.WebSearch : Error during cleaning
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\HJT\backups\backup-20060110-014730-776.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\HJT\backups\backup-20060110-014730-824.dll -> Spyware.ActivShopper : Cleaned with backup
C:\HJT\backups\backup-20060110-014733-325.dll -> Dialer.Generic : Cleaned with backup
C:\HJT\backups\backup-20060110-014733-998.dll -> Spyware.Comet : Cleaned with backup
C:\HJT\backups\backup-20060110-014734-117.dll -> Dialer.Generic : Cleaned with backup
C:\HJT\backups\backup-20060110-014734-344.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\CMAPP\Client\cmappclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll -> Adware.Agent : Cleaned with backup
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\rjbherd.exe -> Dropper.Agent.vl : Cleaned with backup
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsd253.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsd2CB.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nse256.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsg250.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nshAE0.dll -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsn28F.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsu249.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsu2A2.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsxB91.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsy2C5.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsz2C8.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysnetsvc32.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\wirelanb.dll -> Spyware.SafeSurfing : Cleaned with backup

::Report End

ACTIVESCAN

Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\PSHWR.EXE
Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll
Adware:adware/bigtrafficnet Not disinfected c:\documents and settings\mommy\favorites\1111\1111.url
Spyware:spyware/safesurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe
Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq_nav.dat
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Dialer:dialer generic Not disinfected C:\PROGRAM FILES\dialers
Adware:adware/pacimedia Not disinfected c:\documents and settings\mommy\favorites\1111
Adware:adware/comet Not disinfected C:\Documents and Settings\Mommy\Application Data\Starware
Adware:adware/dyfuca Not disinfected C:\WINDOWS\STWSI
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZANGO TOOLBAR
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\SOFTWARE\TOOLBAR
Adware:adware/activshopper Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\CLSID\{C6760A07-A574-4705-B113-7856315922C3}
Adware:adware/transponder Not disinfected Windows Registry
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\Uninstall.exe
Adware:Adware/WinTools Not disinfected C:\Program Files\knights_shiryu1\insthlp.dat
Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll
Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\lyzfmgqu.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\pshwr.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\vuwaqtf.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\zbvugea.exe
Logfile of HijackThis v1.99.1Scan saved at 8:26:33 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1068.dll,InstantAccess
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

UNINSTALL LIST

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Banctec Service Agreement
BloodRayne Screen Saver Screen Saver
Broadcom Management Programs
CleanUp!
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (734)
EarthLink Setup Files
ewido anti-malware
FileZilla (remove only)
FlatOut Demo
GameSpy 3D
GameSpy Arcade
Get High Speed Internet!
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
IrfanView (remove only)
ItalMgr
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
JumpStart 1st Grade 2000
JumpStart 3rd Grade v1.0
JumpStart 3rd Grade v1.2
JumpStart 4th Grade v1.3
Jumpstart 5th Grade v1.2
JumpStart Kindergarten 98 v2.5
JumpStart Parent Resource Center
JumpStart Typing v1.1
kagtolwq
kjecuy
knights_shiryu1
LANBridge
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice for Microsoft Agent
lyzfmgqu
Macromedia Flash Player 8
MailSkinner
Math Blaster Ages 9-12
MCR_screensaver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mm_saver ScreenSaver
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Napster
Napster Burn Engine
Net Checkers 5
NetZero
NetZeroInstallers
Panda ActiveScan
PShow
QuickTime
QuickTime 3.0
Screensavers Installer
Search Assistant
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912919)
SpellForce
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sysnet
The Best Offers
The Spider-Man 2 Demo
TicTacToe
TotalAccess Smart Installer
Traitors Gate
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
WebSearch Tools
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
WordPerfect Office 12
Zango Toolbar
zbvugea

end of the unistall list.

I did run cleanup also it removed like, over a thousand files. I had run the windows disk clean recently...

Alright really appreciate your help again, thank you for taking the time.

(still) Stretched

01-12-2006, 07:52 PM	#6 (permalink)
stretched Registered User Join Date: Aug 2005 Posts: 115 OS: Windows XP	OK, problems I had: Removed McAfee, downloaded AVG, could not install it, during the install process it gave an error on a file, not sure what the trouble was. After running everthing you said to run in safe mode, you told me to search for some programs, computer froze on search. Had to reboot in safemode again, ran hijack this again and verified that the items previously removed by it in safemode were still not there. Then I seached for the dll files, and that other one, were not found, and I still have show hidden files checked and hide protected operating system, files unchecked. Then I started in normal and did the rest as you said. So those were the only problems. And the answer to: "How is it now" is got a couple of popups from the same as usual during all of this, and when getting on again now, after everything, so far one popup. But I just came here did not surf for encounters. All the logs below: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 7:16:11 PM, 1/12/2006 + Report-Checksum: 5C9C9D21 + Scan result: HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Error during cleaning HKLM\SOFTWARE\Toolbar\Downloads -> Spyware.WebSearch : Error during cleaning HKLM\SOFTWARE\Toolbar\Files -> Spyware.WebSearch : Error during cleaning HKLM\SOFTWARE\Toolbar\Install -> Spyware.WebSearch : Error during cleaning HKLM\SOFTWARE\Toolbar\PlugIns -> Spyware.WebSearch : Error during cleaning HKLM\SOFTWARE\Toolbar\Server -> Spyware.WebSearch : Error during cleaning HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup C:\HJT\backups\backup-20060110-014730-776.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\HJT\backups\backup-20060110-014730-824.dll -> Spyware.ActivShopper : Cleaned with backup C:\HJT\backups\backup-20060110-014733-325.dll -> Dialer.Generic : Cleaned with backup C:\HJT\backups\backup-20060110-014733-998.dll -> Spyware.Comet : Cleaned with backup C:\HJT\backups\backup-20060110-014734-117.dll -> Dialer.Generic : Cleaned with backup C:\HJT\backups\backup-20060110-014734-344.dll -> Spyware.WinAD : Cleaned with backup C:\Program Files\CMAPP\Client\cmappclient.exe -> Spyware.CASClient : Cleaned with backup C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll -> Adware.Agent : Cleaned with backup C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe -> Adware.180Solutions : Cleaned with backup C:\WINDOWS\AuroraHandler.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\rjbherd.exe -> Dropper.Agent.vl : Cleaned with backup C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.SAHA : Cleaned with backup C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup C:\WINDOWS\SYSTEM32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup C:\WINDOWS\SYSTEM32\nsd253.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsd2CB.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nse256.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsg250.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nshAE0.dll -> Adware.EZula : Cleaned with backup C:\WINDOWS\SYSTEM32\nsn28F.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsu249.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsu2A2.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsxB91.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsy2C5.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\nsz2C8.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\SYSTEM32\sysnetsvc32.dll -> Dialer.Generic : Cleaned with backup C:\WINDOWS\SYSTEM32\wirelanb.dll -> Spyware.SafeSurfing : Cleaned with backup ::Report End ACTIVESCAN Incident Status Location Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\PSHWR.EXE Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll Adware:adware/bigtrafficnet Not disinfected c:\documents and settings\mommy\favorites\1111\1111.url Spyware:spyware/safesurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq_nav.dat Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat Dialer:dialer generic Not disinfected C:\PROGRAM FILES\dialers Adware:adware/pacimedia Not disinfected c:\documents and settings\mommy\favorites\1111 Adware:adware/comet Not disinfected C:\Documents and Settings\Mommy\Application Data\Starware Adware:adware/dyfuca Not disinfected C:\WINDOWS\STWSI Adware:adware/wupd Not disinfected Windows Registry Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZANGO TOOLBAR Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\SOFTWARE\TOOLBAR Adware:adware/activshopper Not disinfected Windows Registry Potentially unwanted tool:application/funweb Not disinfected HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\CLSID\{C6760A07-A574-4705-B113-7856315922C3} Adware:adware/transponder Not disinfected Windows Registry Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\Uninstall.exe Adware:Adware/WinTools Not disinfected C:\Program Files\knights_shiryu1\insthlp.dat Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\lyzfmgqu.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\pshwr.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\vuwaqtf.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\zbvugea.exe Logfile of HijackThis v1.99.1Scan saved at 8:26:33 PM, on 1/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\program files\mailskinner\mailskinner.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wuauclt.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1068.dll,InstantAccess O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe UNINSTALL LIST Ad-Aware SE Personal Adobe Acrobat - Reader 6.0.2 Update Adobe Reader 6.0.1 America Online (Choose which version to remove) AOL Coach Version 1.0(Build:20030807.3) Banctec Service Agreement BloodRayne Screen Saver Screen Saver Broadcom Management Programs CleanUp! Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Media Experience Dell Support 5.0.0 (734) EarthLink Setup Files ewido anti-malware FileZilla (remove only) FlatOut Demo GameSpy 3D GameSpy Arcade Get High Speed Internet! Google Toolbar for Internet Explorer HijackThis 1.99.1 Intel(R) 537EP V9x DF PCI Modem Intel(R) Extreme Graphics Driver Internet Explorer Default Page IrfanView (remove only) ItalMgr Jasc Paint Shop Photo Album Jasc Paint Shop Pro 8 Dell Edition Java 2 Runtime Environment, SE v1.4.2_03 JumpStart 1st Grade 2000 JumpStart 3rd Grade v1.0 JumpStart 3rd Grade v1.2 JumpStart 4th Grade v1.3 Jumpstart 5th Grade v1.2 JumpStart Kindergarten 98 v2.5 JumpStart Parent Resource Center JumpStart Typing v1.1 kagtolwq kjecuy knights_shiryu1 LANBridge Lavasoft VX2 Cleaner Learn2 Player (Uninstall Only) Lernout & Hauspie TruVoice for Microsoft Agent lyzfmgqu Macromedia Flash Player 8 MailSkinner Math Blaster Ages 9-12 MCR_screensaver Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft Office 2000 Premium Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE mm_saver ScreenSaver Modem Event Monitor Modem Helper Modem On Hold MSN Musicmatch for Windows Media Player Musicmatch® Jukebox Napster Napster Burn Engine Net Checkers 5 NetZero NetZeroInstallers Panda ActiveScan PShow QuickTime QuickTime 3.0 Screensavers Installer Search Assistant Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB912919) SpellForce Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 Sysnet The Best Offers The Spider-Man 2 Demo TicTacToe TotalAccess Smart Installer Traitors Gate Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB910437) Viewpoint Media Player WebSearch Tools Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 WinZip WordPerfect Office 12 Zango Toolbar zbvugea end of the unistall list. I did run cleanup also it removed like, over a thousand files. I had run the windows disk clean recently... Alright really appreciate your help again, thank you for taking the time. (still) Stretched