
Spyware Infection Blue Screen

Discussion in 'Virus & Other Malware Removal' started by ryanlewis397, Jan 2, 2006.

  1. ryanlewis397

    My wallpaper was blue with a black rectangle in the center with the message Spyware Infection your system is infected with spyware. Windows recommends you to use a spyware removal tool. I have removed this message but my system is still not operating as it should. Any help would be GREATLY GREATLY appreciated. I have posted the HijackThis log file. Thank you so much for any help!!!!!

    Logfile of HijackThis v1.97.7
    Scan saved at 11:52:36 AM, on 1/2/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Documents and Settings\Garry Anderson\Local Settings\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. ryanlewis397

    I had to post the Ewido file in two messages sorry!!
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C2-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
    :mozilla.667:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.668:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.669:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.689:C:\Documents and Settings\Garry Anderson\Application Data\Mozilla\Firefox\Profiles\lkx7j4mt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Garry Anderson\Cookies\garry [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\lo-1049058185.exe -> Downloader.Small.bzp : Cleaned with backup
    C:\Program Files\Coneting\Cache\00002350_4397bbb7_0000f7fb -> Downloader.Phel.d : Cleaned with backup
    C:\Program Files\Coneting\Cache\0000440d_43963085_000aced0 -> Downloader.IstBar.j : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\20777EFD-5C90-4D11-83C4-BA562C\CAF8711A-7F30-4E9F-AF25-80C42E -> Adware.SurfAccuracy : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\20777EFD-5C90-4D11-83C4-BA562C\CF99F9FA-5A56-43DB-8B92-E6C7B3 -> Spyware.SurfAccuracy : Cleaned with backup
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  4. ryanlewis397

    ryanlewis397 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    6
    C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
    :mozilla.17:C:\Program Files\Netscape\Netscape 6\NCC Internet\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096763.exe -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096764.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096767.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096768.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096769.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096770.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096771.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096774.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096775.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096777.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP502\A0096778.dll -> Spyware.WurldMedia : Cleaned with backup
    C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\win32.exe -> Downloader.Small.bzp : Cleaned with backup
    C:\WINDOWS\SYSTEM32\vx.tll -> Adware.SpySheriff : Cleaned with backup
     
  5. ryanlewis397

    ryanlewis397 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 2:42:08 PM, on 1/2/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download smitRem.exe.
    • Save the file to your desktop.
    • It is a self-extracting file.
    • Double-click smitRem.exe and it will extract the files to a smitRem folder on your desktop.
    • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


    * Restart back into Windows normally now.


    * Run ActiveScan online virus scan here

    When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
    - Save the results from the scan!

    Post a new HijackThis log along with the results from ActiveScan and the contents of the smitfiles.txt.
     
  7. ryanlewis397

    ryanlewis397 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    6
    Here are the results of the ActiveScan and the HijackThis log. I have deleted all of the results from the ActiveScan. The computer is running slower than before and the images are very grainy?? Thank you very much for your help.

    Incident                        Status            Location

    Adware:Adware/WurldMedia        Not disinfected   C:\Program Files\MySearch\bar\s4Setp.exe
    Adware:adware/cws.searchmeup    Not disinfected   C:\WINDOWS\flag.bla
    Adware:adware/azesearch         Not disinfected   C:\WINDOWS\SYSTEM32\phhr.bat

    Logfile of HijackThis v1.99.1
    Scan saved at 5:11:46 PM, on 1/2/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\Program Files\Common Files\AOL\1128255074\ee\AOLServiceHost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossyoak.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nccinternet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128255074\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128357792057
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37470.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    Thank you very much for your help!!!!!
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with HijackThis.
    Close all browser windows except HijackThis.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY


    Boot into Safe Mode.

    Find and delete this folder: C:\Program Files\Morpheus

    Also in Safe Mode navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    It's normal if some files don't delete!

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
     

Short URL to this thread: https://techguy.org/430409
