Spyware Infection Blue Screen

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ryanlewis397

Thread Starter
Joined
Jan 2, 2006
Messages
6
My wallpaper was blue with a black rectangle in the center with the message Spyware Infection your system is infected with spyware. Windows recommeds you to use a spyware removal tool. I have removed this message but my system is still not opperating as it should. Any help would be GREATLY GREATLY appreciated. I have posted the hijackthis log file. Thank you so much for any help!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 11:52:36 AM, on 1/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Garry Anderson\Local Settings\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

ryanlewis397

Thread Starter
Joined
Jan 2, 2006
Messages
6
I had to post the Ewido file in two messages sorry!!
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C2-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Realmedia : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry anderson[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\lo-1049058185.exe -> Downloader.Small.bzp : Cleaned with backup
C:\Program Files\Coneting\Cache\00002350_4397bbb7_0000f7fb -> Downloader.Phel.d : Cleaned with backup
C:\Program Files\Coneting\Cache\0000440d_43963085_000aced0 -> Downloader.IstBar.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\20777EFD-5C90-4D11-83C4-BA562C\CAF8711A-7F30-4E9F-AF25-80C42E -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\20777EFD-5C90-4D11-83C4-BA562C\CF99F9FA-5A56-43DB-8B92-E6C7B3 -> Spyware.SurfAccuracy : Cleaned with backup
 

ryanlewis397

Thread Starter
Joined
Jan 2, 2006
Messages
6
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
:mozilla.17:C:\Program Files\Netscape\Netscape 6\NCC Internet\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096763.exe -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096764.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096767.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096768.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096769.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096770.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096771.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096774.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096775.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096777.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096778.dll -> Spyware.WurldMedia : Cleaned with backup
C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\win32.exe -> Downloader.Small.bzp : Cleaned with backup
C:\WINDOWS\SYSTEM32\vx.tll -> Adware.SpySheriff : Cleaned with backup
 

ryanlewis397

Thread Starter
Joined
Jan 2, 2006
Messages
6
Logfile of HijackThis v1.99.1
Scan saved at 2:42:08 PM, on 1/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJack This log along with the results from ActiveScan and the contents of the smitfiles.txt.
 

ryanlewis397

Thread Starter
Joined
Jan 2, 2006
Messages
6
Here are the results of the activescan and the hijackthis log. I have deleted all of the results from the activescan. The computer is running slower than before and the images are very grainy?? Thank you very much for your help.

Incident Status Location

Adware:Adware/WurldMedia Not disinfected C:\Program Files\MySearch\bar\s4Setp.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\flag.bla
Adware:adware/azesearch Not disinfected C:\WINDOWS\SYSTEM32\phhr.bat

Logfile of HijackThis v1.99.1
Scan saved at 5:11:46 PM, on 1/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thank you very much for your help!!!!!
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY


Boot into Safe Mode.

Find and delete this folder: C:\Program Files\Morpheus

Also in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top