Not again - possibly false spyware alert, please help
EyesOnly
Sweden New
I have all kinds if spyware apps yet spybot once again reported some. And this time it threw in some big names: cws and smitfraud. Interestingly though both seemed to involve internet domains (see pasted text below) yet according to the sf removal guide it's supposed to change your desktop though mine is fine.
This makes me think about my last post in this forum where i apparently had some false messages. Now if i remember correctly it could have been caused by some conflict involving spywareblaster. If there's even a hint that it's the cause this time it's gone. I've got plenty of spyware apps though it does seem like a nice app but i don't want spybot telling me i got spyware unless i really do.
Thankfull for advice.
Here's what spybot has to say
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4
This makes me think about my last post in this forum where i apparently had some false messages. Now if i remember correctly it could have been caused by some conflict involving spywareblaster. If there's even a hint that it's the cause this time it's gone. I've got plenty of spyware apps though it does seem like a nice app but i don't want spybot telling me i got spyware unless i really do.
Thankfull for advice.
Here's what spybot has to say
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4
0
This discussion has been closed.
Comments
Run Activescan and post those results. This will tell you if you have contracted smitfraud.
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
Please post a Hijack log This with the activescan results.
Logfile of HijackThis v1.99.1
Scan saved at 11:51:50, on 2005-07-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Folding @ Home\FAH502-Console.exe
C:\WINDOWS\system32\MsPMSPSv.exe
E:\Folding @ Home\FahCore_65.exe
E:\Program\Raxco\PerfectDisk\PDSched.exe
C:\ASUS\Probe\AsusProb.exe
E:\Program\Grisoft\AVGFRE~1\avgcc.exe
E:\Program\Grisoft\AVGFRE~1\avgemc.exe
E:\Program\HP\hpcoretech\hpcmpmgr.exe
E:\Program\Java\jre1.5.0_01\bin\jusched.exe
E:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
E:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\framxpro\FreeRAM XP Pro 1.40.exe
E:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
E:\Program\JetToolBar\JetTB.exe
E:\Program\Logitech\SetPoint\KEM.exe
E:\Program\Personal\bin\Personal.exe
E:\Program\APC\APC PowerChute Personal Edition\apcsystray.exe
E:\Program\Logitech\SetPoint\KHALMNPR.EXE
E:\Program\DC++\DCPlusPlus.exe
C:\WINDOWS\system32\ntvdm.exe
E:\EMIII\EMIII.exe
E:\Lego\mlcad320\MLCAD.exe
E:\Program\Corel\Corel Graphics 12\PROGRAMS\CORELPP.EXE
C:\WINDOWS\System32\svchost.exe
E:\Wfwin\WFReader.exe
E:\Wfwin\FIEMouse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Program\Grisoft\AVGFRE~1\avgwb.dat
E:\Program\Mozilla Firefox\firefox.exe
E:\Spyware apps\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\Program\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\Program\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SmcService] E:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "E:\Program\framxpro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NewPatch] C:\windows\ZuPeR.exe
O4 - Startup: Electron Microscope.lnk = E:\EMIII\EMIII.exe
O4 - Startup: FAH.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = E:\Program\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: jetToolBar.lnk = E:\Program\JetToolBar\JetTB.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = E:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120226871812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FAH@E:+Folding @ Home+FAH502-Console.exe - Stanford University - E:\Folding @ Home\FAH502-Console.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program\Sygate\SPF\smc.exe
And here's the panda log.
Incident Status Location
Virus:Backdoor Program Disinfected Operating system
Spyware:spyware/istbar No disinfected E:\PROGRAM\DELADE FILER\Totem Shared
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/searchexe No disinfected HKEY_CLASSES_ROOT\Interface\{72423E8F-8011-11D2-BE79-00A0C9A83DA3}
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}
Possible Virus. No disinfected E:\Program\Meridian Advance\Input\in_gbs.dll
Possible Virus. No disinfected E:\Program\Meridian Advance\Input\in_gym.dll
Adware:Adware/Trymedia No disinfected E:\SS spel\Spel\mindrover\MindRov
er-dm.exe
O4 - HKCU\..\Run: [NewPatch] C:\windows\ZuPeR.exe
Delete these files or directories if they exist:
C:\windows\ZuPeR.exe
E:\PROGRAM\DELADE FILER
E:\Program\Meridian Advance (is this a legitimate program you have?)
E:\SS spel
Download ewido security suite.
Run ewido security and remove all objects found.
Run activescan and post the results.
Do you have spyware shooter? It has been known as of recent to give false positives. You do not have smitfraud. Panda software is the only program I have found to date that actually detects smitfraud. No sign of CWS either.
Ok i need to claryfy something here. zuper is going. I don't know what it is but it wasn't installed by me hence malware.
E:\PROGRAM\DELADE FILER Is called shared files or so in english. I can understand that you didn't know that but it's legit trust me. Most have it in c:program but my programs folder is on E:
Meridian Advance is a music player homepage So legit
and finally E:\SS spel contains my games files and cheats plus whatever.
It seems i should remove spywareshooter since it gives fasle reading as you said and the try ewido.
Also look into spywareblaster:
http://www.javacoolsoftware.com/spywareblaster.html
Not so fast. Panda showed some stuff. Why aren't any other apps picking up this.
Incident Status Location
Spyware:spyware/istbar No disinfected E:\PROGRAM\DELADE FILER\Totem Shared
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}
Ran ewido which found and deleted some files. None had anything to do with these entries.
Open start menu>click run>type in "regedit" click ok>you'll see a menu in the upper left side of the display>double click HKEY_LOCAL_MACHINE>double click SOFTWARE>double click the subfolder labeled CLASSES>Scroll down until you find this entry- MAGNET>right click on this entry and click delete.
This entry will also be removed in the registry editor-HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}.
scroll back up until you see this directory and double click on it- HKEY_CLASSES_ROOT>Double click the subfolder titled Interface>You will see a number of entries that look like this-{71a27036-c7d8-11d2-bef8-525400dfb47a}. Search for this exact CLSID number and right click on it. Click delete.
Delete this directory in your Delade Filer directory:
Totem Shared
Let me know if you were not able to remove one/all of these items.
No viruses found. Finally i can put this behind me. Anyways ewido will be uninstalled. I have enough spyware apps and ewido is just taking up to much memory. Or should i keep it. It's just that i have so many apps running already.
BTW spybot once again found spyware. The same ones as before. While reading this thread i've run many apps but non have actually fixed the things that first made me to create this thread. You mentioned spywareshooter giving false readings. In a previous thread a few months ago i once again had false spyware. That time it was caused by some glitch in spywareblaster, another app that seems good but i'm tired of this sh*t. So give it to me straight. Is there any reasons to keep these apps despite the problems they cause. They both come well recommended from people of this site but i don't like reading about spyware unless it's really spyware.
So i shouldn't panic untill i've read what it's really about then. Seems reasonble. Hope they fix this soon.
Spywareblaster is a keeper. I have been had spywareblaster installed on both of my systems with spybot for some time and I have never had any issues with spybot giving false positives. If there was an issue with it I believe it has been resolved. You could take Spyware Shooter's advice and re-install spyware shooter and ignore the false readings or not re-install it. That is personal preference on your part. I would keep ewido. After the trial version runs out it will no longer run in your running processes. Then you will just need to update it once a week and run it every couple of weeks. Ewido security suite is a good program to keep but that is also going to be personal preference.
Remember that it will take multiple apps to keep your system free, or as much as possible, of unwanted spyware/malware. If you have anymore questions please feel free to ask.
I'll try using the uninstaller and then reinstall but this is getting redicilous. All new "spyware" involved internet zones so it's false. Oh well.
Since i'm not having real spyware i think we can consider this thread done for and ready for closing unless someone else has anything to say. BTW ad-aware which seems so much better by the minute only found a tracking cookie. Considering the amount of spyware apps i'm using, they prolly posess a greater threat than spyware.
Oh and just for the heck of it, here's the spybot log:
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcounter.biz\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
CoolWWWSearch.Toolband: Trusted Site (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-1757981266-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-07-29 Includes\Dialer.sbi
2005-07-29 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-07-29 Includes\Malware.sbi
2005-07-22 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-07-29 Includes\Security.sbi
2005-07-29 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-07-29 Includes\Trojans.sbi