1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

SearchRelevant

Discussion in 'Virus & Other Malware Removal' started by b2010, Feb 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    I noticed I had a file called SearchRelevant and doing research it appears to be spyware, but my spyware filters are not removing it.

    HiJackThis file:
    ogfile of HijackThis v1.99.1
    Scan saved at 3:18:37 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eastside UK\EHM_Edit_2007.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Documents and Settings\Brett\My Documents\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158517540375
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    UPERAntiSpyware Scan Log
    Generated 02/11/2007 at 04:46 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3182
    Trace Rules Database Version: 1192

    Scan type : Complete Scan
    Total Scan Time : 01:13:29

    Memory items scanned : 383
    Memory threats detected : 0
    Registry items scanned : 4655
    Registry threats detected : 58
    File items scanned : 70934
    File threats detected : 51

    Adware.Tracking Cookie
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][3].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brett\Local Settings\Temp\Cookies\[email protected][2].txt

    Adware.MediaMotor
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\amm06.ocx [  ]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\safe.tlb [  ]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/amm06.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/amm06.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/amm06.ocx#{5526B4C6-63D6-41A1-9783-0FABF529859A}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#{5526B4C6-63D6-41A1-9783-0FABF529859A}
    C:\WINDOWS\Downloaded Program Files\amm06.inf
    C:\WINDOWS\System32\safe.tlb
    C:\WINDOWS\mm06y.ini

    Adware.MediaMediatickets
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx [  ]

    Trojan.Malware
    C:\asdf.txt

    Adware.Toolbar888
    HKCR\MyToolBar.MyToolBarObj
    HKCR\MyToolBar.MyToolBarObj\CLSID
    HKCR\MyToolBar.MyToolBarObj\CurVer
    HKCR\MyToolBar.MyToolBarObj.1
    HKCR\MyToolBar.MyToolBarObj.1\CLSID
    HKLM\Software\Classes\MyToolBar.MyToolBarObj
    HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
    HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
    HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
    HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

    Adware.ClickSpring/Yazzle
    HKLM\Software\Snowball Wars
    HKLM\Software\Cowabanga

    Adware.BitLocker
    HKCR\ONONE.Theimp
    HKCR\ONONE.Theimp\CLSID
    HKCR\ONONE.Theimp\CurVer
    HKCR\ONONE.Theimp.1
    HKCR\ONONE.Theimp.1\CLSID

    Trojan.WinUpdate
    HKU\S-1-5-21-2138693005-44481312-1017740337-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run#WinUpdate.exe [ C:\Program Files\Windows\WinUpdate.exe ]

    Trojan.DollarRevenue
    C:\WINDOWS\keyboard1.dat

    Adware.eZula/BannerRotator
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid32
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib#Version
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid32
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib#Version

    Adware.AdRotate/System
    HKCR\Crypt.Core
    HKCR\Crypt.Core\CLSID
    HKCR\Crypt.Core\CurVer
    HKCR\Crypt.Core.1
    HKCR\Crypt.Core.1\CLSID
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\ProgID
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\Programmable
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\TypeLib
    HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\VersionIndependentProgID
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0\win32
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\FLAGS
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\HELPDIR
    Logfile of HijackThis v1.99.1
    Scan saved at 4:52:47 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Brett\My Documents\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158517540375
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  5. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    What will that do?
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Cleans out the infected restore points and creates a clean one so that there i sno chance of restoring the infection
     
  7. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    The system restore tab doesn't show up. How do I log on as an administrator as my computer only has one profile?
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should be an admin if only one profile - try safe mode
     
  9. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    I realized I actually had two profiles:eek:

    I turned the system restore off.

    Two final questions:
    What happens if the system restore is needed again?
    And my computer has been freezing lately. Could that have been due to any of the spyware removed?
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You were to turn it off, boot and then turn it back on

    Freezing can be a result of a dirty case, or a fan not working or....

    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend
    using the Duplicates files button
    as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
     
  11. b2010

    b2010 Thread Starter

    Joined:
    Aug 20, 2006
    Messages:
    28
    Thank you for your help
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/543276

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice