0

I've been having this pop up for a couple of weeks now and I've tried the recommendations on the symantec site. I don't actually have the virus, NAV keeps deleting it but I get a pop up every 5 seconds or so telling me about it!!
I'm new to this site but I noticed everyone seems to post their hijackthis log, so here is mine...hopefully someone can give me some help. Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 9:08:56 PM, on 8/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\vsmom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll (file missing)
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll (file missing)
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\System32\AANTX.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O2 - BHO: (no name) - {54AE5E14-A9EE-AF54-FF62-ED8133D3C23E} - C:\WINDOWS\Bvfhifko.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O3 - Toolbar: Search - {5AF95B26-44FB-67F3-E142-79D2D33D5BAB} - C:\WINDOWS\Bvfhifko.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [mdjkiang] C:\WINDOWS\System32\tdhfml.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe
O4 - HKCU\..\Run: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Jodi MacMillan\Application Data\DownloadPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29458ec8b6c60b9e9b22/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A3FACF-0EEB-49C5-87A8-C93E58DEBA54}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)
O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINDOWS\vsmom.exe

2
Contributors
5
Replies
6
Views
12 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to Daniweb :).

You have a heap of nasties on your PC, so please do the following, reboot when done and post me another hijackthis log.

==

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

==

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

0

Wow - I certainly do have a bunch of stuff on here that I wasn't aware of!! I'm still getting the popup after doing the stuff you mentioned...here is the new hijackthis log and the Ewido scan.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:41 AM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ca.my.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.begin2search.com/sidesearch.html[/url]
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {54AE5E14-A9EE-AF54-FF62-ED8133D3C23E} - C:\WINDOWS\Bvfhifko.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: Search - {5AF95B26-44FB-67F3-E142-79D2D33D5BAB} - C:\WINDOWS\Bvfhifko.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [mdjkiang] C:\WINDOWS\System32\tdhfml.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe
O4 - HKCU\..\Run: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Jodi MacMillan\Application Data\DownloadPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - [url]https://www.spydeleter.com/order2.php?KBID=1062[/url] (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/29458ec8b6c60b9e9b22/netzip/RdxIE601.cab[/url]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url]http://www.bitdefender.com/scan8/oscan8.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5free/asinst.cab[/url]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VPNonDemand - Unknown owner - C:\WINDOWS\VPN.exe (file missing)
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)
O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINDOWS\vsmom.exe (file missing)

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          12:59:04 AM, 8/9/2005
 + Report-Checksum:     53D2984B

 + Scan result:

    HKLM\SOFTWARE\Bookedspace -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Bookedspace\adware -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\eZulaBootExe.EXE -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} -> Spyware.SmartPops : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{08227B4B-54FE-4C4D-809F-BCA46292FC5B} -> Spyware.Superlogy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CLSID -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CurVer -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{1423903E-86CC-4470-8AB0-257C10D77D45} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{17973BD7-959C-4D8A-8B2F-AB200E20A75E} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4DEA7CA1-3372-4204-937C-2DD4A6ED6562} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{6FE4AADF-EDAC-4037-9164-0B60179A4F12} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A42DC659-33B5-409E-A433-650AC42ECCA4} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A797A41D-F9F0-4A32-B9B5-AF927CB5AE54} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A8516F49-8046-4295-8EE9-C59D5041C9E2} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{B12508AD-CA55-4238-8DB3-55808BA6915A} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BF7CB2C3-55B6-44C1-9615-920D004C27F7} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{F912C325-5B26-4AD6-BF39-84370833E972} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{FB82CCD5-174B-4379-BC37-72D9B5ADAEDA} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{081DE2F6-927B-4AA9-88C1-F531C9387383} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{47350D97-09E9-4590-864E-3431DA53BF37} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} -> Spyware.eXact : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC} -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\VX2.VX2Obj -> Spyware.BetterInternet : Cleaned with backup
    HKLM\SOFTWARE\Classes\VX2.VX2Obj\CLSID -> Spyware.BetterInternet : Cleaned with backup
    HKLM\SOFTWARE\Classes\VX2.VX2Obj\CurVer -> Spyware.BetterInternet : Cleaned with backup
    HKLM\SOFTWARE\Classes\WebCom.WebBar -> Spyware.MediaMotor : Cleaned with backup
    HKLM\SOFTWARE\Classes\WebCom.WebBar\CLSID -> Spyware.MediaMotor : Cleaned with backup
    HKLM\SOFTWARE\Classes\WebCom.WebBar\CurVer -> Spyware.MediaMotor : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.amo -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.amo\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.amo\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.dbi -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.dbi\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.dbi\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.iiittt -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.iiittt\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.iiittt\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.momo -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.momo\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.momo\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.ohb -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.ohb\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\winb2s.ohb\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} -> Spyware.SmartPops : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08227B4B-54FE-4C4D-809F-BCA46292FC5B} -> Spyware.Superlogy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\0x7A69 -> Spyware.DownloadPlus : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\0x7A69\Message Center -> Spyware.DownloadPlus : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\aaa_soft -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\aaa_soft\kkkk -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\aaa_soft\pppp -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\aaa_soft\ssss -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\ISTbar -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\Updater -> Spyware.KeenValue : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\BonziCHECKERS -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\BonziMAIL -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\Daily -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\Email -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\Jigsaw -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\News -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\ProductsHeard -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\Relax -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\Solitaire -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\TapData -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\VB and VBA Program Settings\BONZIBUDDY\UserInfo -> Spyware.BonziBuddy : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\WhenU -> Spyware.SaveNow : Cleaned with backup
    HKU\S-1-5-21-789336058-2147202159-682003330-1003\Software\WhenU\ClockSync -> Spyware.SaveNow : Cleaned with backup
    C:\c7kdf9l45.exe/y.bat -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@2o7[2].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@doubleclick[1].txt[/email] -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@mediaplex[1].txt[/email] -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@rotator.adjuggler[2].txt[/email] -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@serving-sys[2].txt[/email] -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@statcounter[2].txt[/email] -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@tribalfusion[1].txt[/email] -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Cookies\jodi [email]macmillan@www.myaffiliateprogram[1].txt[/email] -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Local Settings\Temp\7F0.tmp -> Backdoor.SdBot.aad : Cleaned with backup
    C:\Documents and Settings\Jodi MacMillan\Local Settings\Temporary Internet Files\Content.IE5\S1QZ0DEN\default[28].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2X818ZMJ\m11[1].jpg/y.bat -> Trojan.Zapchast : Cleaned with backup
    C:\Downloads\ScrabbleSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\WINDOWS\ra.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
    C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\msvnc.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
    C:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup
    C:\WINDOWS\y.bat -> Trojan.Zapchast : Cleaned with backup


::Report End

Edited by mike_2000_17: Fixed formatting

0

You still have more to do.

===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

EZula Toptext
WhenU

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis, click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

O2 - BHO: (no name) - {54AE5E14-A9EE-AF54-FF62-ED8133D3C23E} - C:\WINDOWS\Bvfhifko.dll (file missing)

O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: Search - {5AF95B26-44FB-67F3-E142-79D2D33D5BAB} - C:\WINDOWS\Bvfhifko.dll (file missing)

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [mdjkiang] C:\WINDOWS\System32\tdhfml.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe
O4 - HKCU\..\Run: [pruttct] C:\WINDOWS\System32\pruttct.exe

O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29458ec...ip/RdxIE601.cab

O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\se
C:\Program Files\Power Scan
C:\Program Files\ClockSync

files...

C:\WINDOWS\bxxs5.dll
C:\WINDOWS\System32\tdhfml.exe
C:\WINDOWS\System32\prutqct.exe
C:\WINDOWS\System32\pruttct.exe
C:\WINDOWS\svchost.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

The NAV pop up is still there. Looks like other stuff got cleaned up. But my computer keeps slowing down and freezing - I had to do 3 hard re-boots just to try and post this... so I guess something is still hanging on. When I tried to stop processes to delete svchost.exe in safe mode my computer told me I stopped something critical (can't remember exactly what) and gave me 30 seconds to save then re-booted. Even in safe mode the processes were running so I couldn't just delete the files from windows\system32. Thanks for your help so far!!
Here is my latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:48 PM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VPNonDemand - Unknown owner - C:\WINDOWS\VPN.exe (file missing)
O23 - Service: XP Services Admin - Unknown owner - C:\WINDOWS\winservice
O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINDOWS\vsmom.exe (file missing)

0

Please go to Jotti's and have these files scanned. Post the results back here.

C:\WINDOWS\VPN.exe
C:\WINDOWS\winservice
C:\WINDOWS\vsmom.exe

==

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.