1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Troj_zlob Removal Assistance

Discussion in 'Virus & Other Malware Removal' started by wdb, Feb 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    I was following this thread: http://forums.techguy.org/security/542583-how-can-i-remove-troj_zlob.html and thought I'd ask for additional assistance. I'm using Windows XP. I've been experiencing false warnings in the Systray that say I have a Trojan virus and open IE windows to removal programs.

    This is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:29 PM, on 02/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136928673640
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS




    This is the Smitfraudfix Log:

    SmitFraudFix v2.141

    Scan done at 23:45:21.09, 02/11/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts



    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  3. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    I still believe I'm infected. When I first restarted, a SuperAntiSpyware pop-up informed me that another attempt to change my home page had been detected in IE. I don't use IE, but I still have it.

    SmitFraudFix v2.141

    Scan done at 14:19:01.89, 02/12/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts



    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  5. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    How do I save the report?
    Nevermind.
     
  6. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    Incident Status Location

    Adware:adware/zango Not disinfected Windows Registry
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.go.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg-dig.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg-dig.hitbox.com/]
    Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[counter.hitslink.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.com.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg.hitbox.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[data.coremetrics.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[citi.bridgetrack.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[server.iad.liveperson.net/hc/57934806]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[server.iad.liveperson.net/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\AlphaZIP-1869843\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SpyReaper Not disinfected C:\Program Files\NoSpyware Full\AppRestart.exe
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
    Spyware:Cookie/Serving-sys Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[bs.serving-sys.com/]
    Spyware:Cookie/Doubleclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.doubleclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.atdmt.com/]
    Spyware:Cookie/Bluestreak Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bluestreak.com/]
    Spyware:Cookie/Mediaplex Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.mediaplex.com/]
    Spyware:Cookie/CentrPort Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.centrport.net/]
    Spyware:Cookie/PointRoll Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.ads.pointroll.com/]
    Spyware:Cookie/QuestionMarket Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.questionmarket.com/]
    Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.2o7.net/]
    Spyware:Cookie/Atwola
     
  7. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
    Spyware:Cookie/Tribalfusion Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.tribalfusion.com/]
    Spyware:Cookie/FastClick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.fastclick.net/]
    Spyware:Cookie/Hitbox Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.hitbox.com/]
    Spyware:Cookie/Maxserving Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.maxserving.com/]
    Spyware:Cookie/Falkag Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.as-us.falkag.net/]
    Spyware:Cookie/Linksynergy Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.linksynergy.com/]
    Spyware:Cookie/Tradedoubler Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.tradedoubler.com/]
    Spyware:Cookie/Bridgetrack Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[citi.bridgetrack.com/]
    Spyware:Cookie/QkSrv Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.qksrv.net/]
    Spyware:Cookie/onestat.com Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[stat.onestat.com/]
    Spyware:Cookie/Adtech Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.adtech.de/]
    Spyware:Cookie/Zedo Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.zedo.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.trafficmp.com/]
    Spyware:Cookie/Statcounter Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.statcounter.com/]
    Spyware:Cookie/BurstNet Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.burstnet.com/]
    Spyware:Cookie/BurstBeacon Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[www.burstbeacon.com/]
    Spyware:Cookie/Overture Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.overture.com/]
    Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.112.2o7.net/]
    Spyware:Cookie/Adrevolver Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.adrevolver.com/]
    Spyware:Cookie/YieldManager Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/RealMedia Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.realmedia.com/]
    Spyware:Cookie/Casalemedia Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.casalemedia.com/]
    Spyware:Cookie/Overture Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.perf.overture.com/]
    Spyware:Cookie/Falkag Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.as-eu.falkag.net/]
    Spyware:Cookie/web-stat Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[www.web-stat.com/]
    Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.microsofteup.112.2o7.net/]
    Spyware:Cookie/Adserver Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.z1.adserver.com/]
    Spyware:Cookie/bravenetA Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bravenet.com/]
    Spyware:Cookie/Hitbox Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.hg1.hitbox.com/]
    Spyware:Cookie/Hitslink Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[counter.hitslink.com/]
    Spyware:Cookie/Toplist Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.toplist.cz/]
    Spyware:Cookie/DomainSponsor Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[landing.domainsponsor.com/]
    Spyware:Cookie/Humanclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[hc2.humanclick.com/hc/50255095]
    Spyware:Cookie/Humanclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[hc2.humanclick.com/]
    Spyware:Cookie/WUpd Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.revenue.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[server.iad.liveperson.net/hc/42435556]
    Spyware:Cookie/Com.com Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.com.com/]
    Spyware:Cookie/Bfast Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bfast.com/]
    Spyware:Cookie/Apmebf Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.apmebf.com/]
    Spyware:Cookie/Doubleclick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.doubleclick.net/]
    Spyware:Cookie/Mediaplex Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.mediaplex.com/]
    Spyware:Cookie/Atlas DMT Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.atdmt.com/]
    Spyware:Cookie/QuestionMarket Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.questionmarket.com/]
    Spyware:Cookie/Valueclick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.valueclick.com/]
    Spyware:Cookie/Bfast Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.bfast.com/]
    Spyware:Cookie/QkSrv Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.qksrv.net/]
    Spyware:Cookie/Adserver Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.z1.adserver.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.servedby.advertising.com/]
    Spyware:Cookie/Adserver Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.z1.adserver.com/]
    Spyware:Cookie/Advertising Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.advertising.com/]
    Spyware:Cookie/Maxserving Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.maxserving.com/]
    Spyware:Cookie/Hitbox Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.hg1.hitbox.com/]
    Spyware:Cookie/SpyLog Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.spylog.com/]
    Spyware:Cookie/Hitbox Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.hitbox.com/]
    Spyware:Cookie/Atwola Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.atwola.com/]
    Spyware:Cookie/2o7 Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.2o7.net/]
    Spyware:Cookie/Internetfuel Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.internetfuel.com/]
    Spyware:Cookie/FastClick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.fastclick.net/]
    Spyware:Cookie/CentrPort Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.centrport.net/]
    Spyware:Cookie/Traffic Marketplace Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.trafficmp.com/]
    Spyware:Cookie/Falkag Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.as-us.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[a.as-us.falkag.net/]
    Spyware:Cookie/Casalemedia Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.casalemedia.com/]
    Spyware:Cookie/onestat.com Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[stat.onestat.com/]
    Spyware:Cookie/Bluestreak Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.bluestreak.com/]
    Spyware:Cookie/Tribalfusion Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.tribalfusion.com/]
    Spyware:Cookie/WUpd Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.revenue.net/]
    Spyware:Cookie/BurstNet Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.burstnet.com/]
    Spyware:Cookie/BurstBeacon Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[www.burstbeacon.com/]
     
  8. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    If someone doesn't answer soon, I'll have to give another report. I accidentally left the computer connected for four hours while I was gone and it downloaded more crap onto it.
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Post a new Hijack This log
     
  10. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 9:59:26 PM, on 02/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136928673640
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Find and delete this folder: C:\Program Files\NoSpyware Full
     
  12. wdb

    wdb Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    8
    Done. Thanks. Now what?
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Are you still having problems?
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/543362

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice