
Don't know what to get rid of in Hijackthis - Drwatson issue related

#1 · (Edited)
So, with great luck, I've got the DrWatson Postmortem Debugger error. Well, I've done my best to get rid of it, but I need help going over my Hijackthis log. I am not good at knowing what to get rid of and what to keep - I don't want to screw up my computer while trying to fix another screwup.

I've switched to running Firefox instead of IE but this hasn't helped get rid of the existing problem, of course. The DrMortem message appears upon loading Windows and I can only operate desktop in Safe Mode because otherwise it'll freeze immediately when loaded.

I have run: AdAware, Spybot, TrendMicro, and cleaned things up the best I can, but now I need help with what to eliminate from this log.

I appreciate all help in advance, especially prompt help.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:41 AM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\captveg\My Documents\Other\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mail.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19A86B7D-BB63-7CC8-800B-11557980734C} - C:\WINDOWS\system32\bfzx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [swhost] C:\WINDOWS\system32\swhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qkzo] C:\documents and settings\captveg\local settings\temp\qkzo.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MRP] C:\documents and settings\captveg\local settings\temp\MRP.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [I8HBhah] C:\documents and settings\captveg\local settings\temp\I8HBhah.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [6mLihLR4f] C:\documents and settings\captveg\local settings\temp\6mLihLR4f.exe
O4 - HKLM\..\Run: [2] C:\documents and settings\captveg\local settings\temp\2.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Metb] C:\Documents and Settings\captveg\Application Data\sost.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
#2 ·
Hi and Welcome to TSF!

To get immediate notification of fixes as soon as they are posted by our Team, please subscribe to this thread. Click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

You should not have any browsers on while carrying out the Fix. So please save the next instructions in Wordpad as this page would not be available then. I have customized my instructions on the assumption that you have Wordpad 'On'. If you should choose to do otherwise, it may lead to some confusion.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important you don't miss a step and perform everything in the right order!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install

Ewido Security Suite - Install & Update its database but do not run it yet.

Unplug your computer from the Internet when you have finished downloading.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE
  1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
  2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
  3. Continue to do so until the 'Windows Advanced Options' menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :
  • Side Step
  • DeskMate
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER WINDOWS. NOTHING ELSE SHOULD BE RUNNING

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {19A86B7D-BB63-7CC8-800B-11557980734C} - C:\WINDOWS\system32\bfzx.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O4 - HKLM\..\Run: [swhost] C:\WINDOWS\system32\swhost.exe
O4 - HKLM\..\Run: [qkzo] C:\documents and settings\captveg\local settings\temp\qkzo.exe
O4 - HKLM\..\Run: [MRP] C:\documents and settings\captveg\local settings\temp\MRP.exe
O4 - HKLM\..\Run: [I8HBhah] C:\documents and settings\captveg\local settings\temp\I8HBhah.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [6mLihLR4f] C:\documents and settings\captveg\local settings\temp\6mLihLR4f.exe
O4 - HKLM\..\Run: [2] C:\documents and settings\captveg\local settings\temp\2.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptem...iveSekurity.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/contro...eb/ikcntrls.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files
  1. From Windows Explorer, go to Tools>Folder Options>View tab.
  2. enable the option for 'Show hidden files and folders'
  3. disable the option for 'Hide file extensions for known types'
  4. disable the option for 'Hide protected operating system files'
  5. click "Yes" to confirm & then click "OK"
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Locate and delete the following folder(s), if present:
  • C:\PROGRA~1\DESKMA~1\
Locate and delete the following file(s), if present:
  • C:\WINDOWS\system32\bfzx.dll
  • C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
  • C:\WINDOWS\system32\swhost.exe
Search for & delete ... using "Start>Search..." the following file(s), if present:
  • D0CE0C16B1, D0CE0C16B1
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! with the following configuration:
  1. Click Options...
  2. Move the arrow down to Custom CleanUp!
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files (Windows XP only)
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click OK
  5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Ewido:
  1. Click Scanner
  2. Click Complete System Scan to begin scanning.
  3. Click OK when prompted to clean files
  4. With the first file it prompts to clean, select the option:
    • "Perform action on all infections"
    • Choose clean and click OK.
  5. Once finished, click the Save report button
  6. Save the report to your desktop
Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Go to HijackThis>Config>Misc Tools ... - Open ADS Spy
  • CheckMark - Quick Scan
  • CheckMark - Ignore safe system info stream
  • Click on the Scan button
  • Click on Save Report
  • Post the contents of the report in your next reply
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. ADS Spy
  4. Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
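
Added example, not part of the original thread or of HijackThis: a Python triage helper that parses HijackThis entries, flags three patterns visible in the fix list above (Run entries launching from a temp folder, entries marked "(file missing)", rundll32 given a DLL with no path), and then checks a follow-up log to confirm the flagged entries are gone. The three heuristics and all function names are assumptions made for illustration; a flag marks an entry for review and is not a verdict.

```python
import re
from typing import NamedTuple

# Sample input: a few lines copied from the first log in this thread ...
BEFORE = r'''
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {19A86B7D-BB63-7CC8-800B-11557980734C} - C:\WINDOWS\system32\bfzx.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qkzo] C:\documents and settings\captveg\local settings\temp\qkzo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# ... and the same lines as they appear in the follow-up log after the fix.
AFTER = r'''
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# A coded entry looks like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autostart body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    body: str  # everything after "<code> - "


def parse_log(text):
    """Return the coded entries of a log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (flag, entry) pairs for entries matching the assumed heuristics."""
    findings = []
    for e in entries:
        # HijackThis appends this marker when the referenced file is absent.
        if e.body.lower().endswith("(file missing)"):
            findings.append(("file-missing", e))
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if not m:
            continue
        cmd = m.group(2).replace('"', "").lower()
        # Assumption: installed software rarely autostarts from a temp folder.
        if "\\temp\\" in cmd:
            findings.append(("temp-autostart", e))
        # Assumption: rundll32 with a bare DLL name (no directory) is unusual.
        parts = cmd.split(None, 1)
        if len(parts) == 2 and parts[0].startswith("rundll32"):
            dll = parts[1].split(",", 1)[0]
            if "\\" not in dll:
                findings.append(("rundll32-no-path", e))
    return findings


def removed(before, after):
    """Entries present in the first log and absent from the follow-up log."""
    after_set = set(after)
    return [e for e in before if e not in after_set]


def still_present(findings, after):
    """Flagged entries that survived into the follow-up log."""
    after_set = set(after)
    return [(flag, e) for flag, e in findings if e in after_set]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    flagged = triage(before)
    for flag, e in flagged:
        print(f"{flag:18} {e.code} - {e.body}")
    print("removed by fix:", len(removed(before, after)))
    print("flagged but still present:", len(still_present(flagged, after)))
```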
 
#3 · (Edited)
Well, that certainly seems to have done the job. What a pain in the..... that thing is....

Okay, so here's my logs:

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 7:53:25 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\captveg\My Documents\Other\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mail.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Metb] C:\Documents and Settings\captveg\Application Data\sost.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I didn't get a log from the online scan I used (TrendMicro), but I can tell you that it couldn't clean the following:

JAVA_FEMAD.B
JAVA_BYTEVER.A
JAVA_BYTEVER.C
JAVA_BYTEVER.A-1
TROJ_BRDUPDATE.D
TROJ.UB.JV

ADS Spy found nothing and therefore has no log.

Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:52:52 PM, 7/27/2005
+ Report-Checksum: 30B4E189

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-1078081533-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1078081533-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D714A94F-123A-45CC-8F03-040BCAF82AD6} -> Spyware.SideStep : Cleaned with backup
HKU\S-1-5-21-1078081533-602162358-682003330-1003\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-195fb927-2af80f63.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2c69dc81-530faf27.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-35499cca-2f8797ba.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3ad2bfbd-7471d17f.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4780c334-4fac3b09.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5a7be286-46c28346.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63eb2129-6a521972.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6e51427-2036c2a7.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-71635afb-5637066d.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7e33466e-55833a24.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-2f69cc8a-77b9f245.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-42cc01d1-2bf1f1d9.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-55e3cddc-610332e6.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-58da67bd-2121c44e.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-605c7197-2af7a52e.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-7230b07d-733442da.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-7725c520-3f108a30.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-8d8d393-6bc732a2.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-d8573ff-70a11328.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\captveg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-deaa3c4-68960b11.class -> Trojan.Byteverify : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AF14BFA-9A55-4140-B953-909D8B\082299A9-37F1-4716-9548-B7ADDE -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AF14BFA-9A55-4140-B953-909D8B\36D4B977-6DA2-4FB3-940D-CC7BFB -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\31A40201-8387-4C55-AE0A-C2837C\DA8177FF-D93A-4BC7-90B5-1E7336 -> Dialer.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\660C4B23-B3CD-4C37-BF8F-C1244D\63B3689D-8F00-4305-BF3E-6BE2D2 -> Adware.MidADle : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\983BB200-68CD-485A-AAD1-703AF3\72A0F4A3-2CC8-4A15-80EE-66476B -> Spyware.Relevance : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E00E18B2-F58B-438C-A2AC-4446EA\73BD2363-355F-417C-83EE-A2FBD2 -> Adware.MidADle : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaPassX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\admdloader.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\system32\admfdi.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dlltmp -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\BO2809040510.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\c35b7s.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\c35b7s.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\system32\EGDHTML_1023.dll -> TrojanDownloader.Wintrim.h : Cleaned with backup
C:\WINDOWS\system32\ezWebRebatesV1.dll -> TrojanDropper.Mudrop.m : Cleaned with backup
C:\WINDOWS\system32\GrlNt01.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\GrlNt01.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\system32\in8PwrScrMs1086.dll -> TrojanDropper.Mudrop.m : Cleaned with backup
C:\WINDOWS\system32\jg4gs.dll -> TrojanDownloader.Rameh.b : Cleaned with backup
C:\WINDOWS\system32\m852s.dll -> TrojanDropper.Mudrop.m : Cleaned with backup
C:\WINDOWS\system32\Setup404Search.exe -> Spyware.404Search : Cleaned with backup
C:\WINDOWS\system32\SHAgentNew.dll -> Adware.SAHA : Cleaned with backup


::Report End

Antispyware.log:

---------------------

Everything is running real well. The only snags along the way I hit were:

1) Sidestepo would not fully uninstall. I actually uninstalled this months ago, but there's a kind of "echo" left in its place. The original program is simply a help to find deals for airline fares, so I'm not that worried about it, but you wanted to know everything.

2) I'm getting a Runner Error when booting up that says "Invalid BackWeb application id "4476822""




Thanks again for your wonderful help. :)
 
#4 ·
Fix this entry using HijackThis

O4 - HKCU\..\Run: [Metb] C:\Documents and Settings\captveg\Application Data\sost.exe



After you have done that, locate & delete the file -

C:\Documents and Settings\captveg\Application Data\sost.exe



Then do a fresh online scan at Panda ActiveScan
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Next'
  3. Enter your e-mail address & click 'Send' ...begins downloading Panda's ActiveX controls.- 8MB
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  6. If it finds any malware, it will offer you a report. Click on see report
  7. Then click Save report
  8. Post the contents of the report in your next reply
 