
Computer problems, mainly viruses.

Discussion in 'Security and Privacy' started by Exodius, 2004/06/28.

Thread Status:
Not open for further replies.
  1. 2004/06/28
    Exodius

    I'm pretty experienced with computers, just not with security, so after I explain I'll understand pretty much anything that is told to me.

    I noticed something was wrong when I was playing a game of mine and I got the error "Connection Interupted". It never usually happens, so I thought maybe the server went down. It didn't though; I logged right back on and was playing, but then it happened again. Now it happens all the time, after only 30 or less seconds of playing. I decided to do a RAV Scan, and here's what I came up with.. and it's bad. :eek:

    Scan started at 28/06/2004 09:01:19

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINDOWS\IFinst25.exe - Backdoor:Win32/IzRam.1_7 -> Infected
    C:\WINDOWS\2_0_1browserhelper2.dll - Clicker:Win32/Delf -> Infected
    C:\WINDOWS\SYSTEM32\ATPartners.dll - TrojanDownloader:Win32/Rameh.C -> Infected
    C:\WINDOWS\SYSTEM32\biR.exe - PWS:Win32/Bispy -> Infected
    C:\Program Files\IncrediFind\BHO\IncFindBHO.dll - TrojanDownloader:Win32/Small.BX -> Infected
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\BOIVQPOV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\RECYCLED\Dc396.exe - TrojanDownloader:Win32/Dyfuca.BQ -> Infected
    C:\RECYCLED\Dc397.exe - PWS:Win32/Bispy -> Infected
    C:\RECYCLED\Dc398.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\RECYCLED\Dc399.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\RECYCLED\Dc400.exe - TrojanDownloader:Win32/Keenval.C -> Infected

    Scanned
    ============================
    Objects: 77624
    Directories: 4002
    Archives: 2481
    Size(Kb): 1304217
    Infected files: 11

    Found
    ============================
    Viruses found: 10
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 255


    Anyone's help would be greatly appreciated, and also, here is a HJT log for you.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:20:59, on 28/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\NMapWin\bin\nmapserv.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe
    C:\PROGRA~1\AVANTB~1\iexplore.exe
    C:\Documents and Settings\Jerry\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hackthissite.org/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=1009
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?s=searchicon&c=2C01&lc=1009
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.110.74.244:80
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - C:\WINDOWS\System32\DIGITA~2.DLL
    O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
    O2 - BHO: (no name) - ~{516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - (no file)
    O2 - BHO: (no name) - ~{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - ~{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [rgpyfez] C:\WINDOWS\rgpyfez.exe
    O4 - HKLM\..\Run: [dohcb] C:\WINDOWS\dohcb.exe
    O4 - HKLM\..\Run: [zgnynwh] C:\WINDOWS\zgnynwh.exe
    O4 - HKLM\..\Run: [zobqvyr] C:\WINDOWS\zobqvyr.exe
    O4 - HKLM\..\Run: [jcpyn] C:\WINDOWS\jcpyn.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Add to AD Black List - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight - C:\PROGRA~1\AVANTB~1\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Search - C:\PROGRA~1\AVANTB~1\Search.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Run WinHTTrack (HKLM)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
    O9 - Extra button: Internet Download Accelerator (HKLM)
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {248DD896-BB45-11CF-9ABC-0080C7E7B78D} (Microsoft WinSock Control, version 6.0) - http://activex.microsoft.com/controls/vb6/MSWinSck.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ca/games1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37976.1448611111
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab

    ALSO! I did both of these with system restore disabled, and again, thanks for the help.
     
  2. 2004/06/28
    Newt

    Hi Exodius.

    First off, emptying your browser's temporary internet files and then your recycle bin should get rid of these:
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\BOIVQPOV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\RECYCLED\Dc396.exe - TrojanDownloader:Win32/Dyfuca.BQ -> Infected
    C:\RECYCLED\Dc397.exe - PWS:Win32/Bispy -> Infected
    C:\RECYCLED\Dc398.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\RECYCLED\Dc399.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\RECYCLED\Dc400.exe - TrojanDownloader:Win32/Keenval.C -> Infected


    When you ran RAV it looks like you did not check the box to have it clean your system. If that's the case, running it again with the clean option set and neither of your other, onboard, AV programs active would be a good idea.

    Speaking of other AV programs, you have two showing and that is rarely a good idea unless you have one resident and then on occasion, disable it and run the other for a full scan. Even then you can have conflicts.

    Once you've gotten the infections under control, get the latest versions of Ad-aware and Spybot (check quicklinks from my signature). Update and then run Ad-aware followed by the same for Spybot and do let it immunize your system.

    After that, create a folder for Hijackthis (on the desktop would be fine but a new folder to keep from splattering Hijackthis bits and pieces all over your desktop) and run another scan and post the log along with the report of your new RAV scan.
     


  4. 2004/06/28
    noahdfear

    Welcome to WindowsBBS Exodius.:)

    I see Newt posted in while I was preparing, but since it's done....... :rolleyes: Very good advice though Newt! ;) And I agree with getting Spybot and Ad-aware on board and scanning.

    You may want to print this.

    Right click the desktop and choose new>folder. Name it HJT. Cut and paste HijackThis.exe to that folder. That will keep backup files from scattering all over the desktop.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hackthissite.org/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...&c=2C01&lc=1009
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...&c=2C01&lc=1009
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - C:\WINDOWS\System32\DIGITA~2.DLL
    O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
    O2 - BHO: (no name) - ~{516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - (no file)
    O2 - BHO: (no name) - ~{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - ~{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [rgpyfez] C:\WINDOWS\rgpyfez.exe
    O4 - HKLM\..\Run: [dohcb] C:\WINDOWS\dohcb.exe
    O4 - HKLM\..\Run: [zgnynwh] C:\WINDOWS\zgnynwh.exe
    O4 - HKLM\..\Run: [zobqvyr] C:\WINDOWS\zobqvyr.exe
    O4 - HKLM\..\Run: [jcpyn] C:\WINDOWS\jcpyn.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O16 - DPF: Win32 Classes -
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US.../Sidesearch.cab
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Insta...rsinstaller.cab



    If the following is not your ISP, and you don't use a proxy, fix the R1 entry also.

    OrgName: InterPacket Group Inc
    OrgID: IPGI
    Address: 1901 Main St.
    City: Santa Monica
    StateProv: CA
    PostalCode: 90405
    Country: US

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.110.74.244:80


    Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode.

    Now in safe mode, show hidden files and folders.
    Open C:\WINDOWS and delete the files rgpyfez.exe, dohcb.exe, zgnynwh.exe, zobqvyr.exe, jcpyn.exe, IFinst25.exe and 2_0_1browserhelper2.dll if present.
    Open C:\WINDOWS\system32 and delete the files ATPartners.dll and biR.exe if present.
    Open C:\Program Files and delete the folder IncrediFind.
    Open C:\Program Files\Common Files\Real\Update_OB and rename realsched.exe to realsched.old
    Open C:\Windows\Temp, select all and delete.
    Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5 select all and delete.
    Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all except compress old files and OK.
    Uncheck the /safeboot box in msconfig and ok to reboot.

    Back in Windows, do another RAV scan and post the results along with a new HJT log.
     
    Last edited: 2004/06/28
  5. 2004/06/28
    Exodius

    Thanks!

    Thanks for helping! Here's my HJT and RAV! :)

    Logfile of HijackThis v1.97.7
    Scan saved at 15:35:19, on 28/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\NMapWin\bin\nmapserv.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jerry\Desktop\Security\HijackThis.exe

    O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Run WinHTTrack (HKLM)
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
    O9 - Extra button: Internet Download Accelerator (HKLM)
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {248DD896-BB45-11CF-9ABC-0080C7E7B78D} (Microsoft WinSock Control, version 6.0) - http://activex.microsoft.com/controls/vb6/MSWinSck.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ca/games1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37976.1448611111
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    And my RAV :

    Scan started at 28/06/2004 15:26:16

    Scanning memory...
    Scanning boot sectors...
    Scanning files...

    Scanned
    ============================
    Objects: 68759
    Directories: 3818
    Archives: 2153
    Size(Kb): -1068611
    Infected files: 0

    Found
    ============================
    Viruses found: 0
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 248


    I LOVE YOU! >P
     
  6. 2004/06/28
    noahdfear

    Looks clean. :) Everything working OK?

    Did you download Spybot and Ad-aware? Open Spybot and click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Click the tools button, then resident. Check the SD Helper box. Then click IE Tweaks and check the box to lock your HOSTS file and if you want, lock your homepage. Notice you can customize the IE title bar here? :D
    Then download and install IESpyads.

    That will give you an added layer of protection against unwanted parasites.
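
The triage pattern used in this thread (orphaned BHO and toolbar registrations, autoruns sitting directly under C:\WINDOWS, a proxy setting to confirm) followed by a second scan to check the entries are gone, as an added Python example that is not part of the original posts and is not HijackThis's own logic. The three heuristics and all function names are assumptions chosen for illustration; the sample lines are excerpted from the two logs posted above.

```python
from __future__ import annotations
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    section: str  # HijackThis section code such as "R1", "O2", "O4"
    body: str     # text after "<code> - "

# A section-coded line: one capital letter, one or two digits, " - ", then the body.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse(log: str) -> list[Entry]:
    """Keep only section-coded entries; header and process-list lines are skipped."""
    matches = (LINE_RE.match(line) for line in log.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in matches if m]

def flag(e: Entry) -> Optional[str]:
    """Illustrative heuristics (assumptions, not HijackThis rules)."""
    if e.section in ("O2", "O3") and re.search(r"\((no file|file missing)\)$", e.body):
        return "add-on registered but its file is absent"
    if e.section == "O4" and re.search(r'\]\s*"?C:\\WINDOWS\\[^\\]+\.exe', e.body, re.I):
        return "autorun executable sitting directly in C:\\WINDOWS"
    if e.section in ("R0", "R1") and "ProxyServer =" in e.body:
        return "proxy configured; confirm it is one you set"
    return None

def triage(log: str) -> list[tuple[Entry, str]]:
    """Return (entry, reason) for every entry a heuristic flags, in log order."""
    return [(e, r) for e in parse(log) if (r := flag(e)) is not None]

def unresolved(before: str, after: str) -> list[Entry]:
    """Entries flagged in the first log that are still present in the follow-up log."""
    remaining = set(parse(after))
    return [e for e, _ in triage(before) if e in remaining]

# Excerpt of the first log posted in the thread.
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.110.74.244:80
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [rgpyfez] C:\WINDOWS\rgpyfez.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Excerpt of the follow-up log posted after the fixes.
AFTER = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

if __name__ == "__main__":
    for entry, reason in triage(BEFORE):
        print(f"{entry.section}: {reason}\n    {entry.body}")
    print("still present after cleanup:", unresolved(BEFORE, AFTER))
```

A flagged entry is a prompt to look closer, not a verdict: several items fixed in this thread (the hijacked search pages, the DIGITA~2.DLL BHO) were judged by the helper from experience and are not caught by these three rules.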
     