
The guard services scam

Discussion in 'Windows - Virus and spyware problems' started by mjcat, May 7, 2006.

  1. mjcat

    mjcat Member

    Joined:
    May 7, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    I have also stupidly fallen victim to this program that has taken over my homepage and sends me to www.theguardservices.com. I can't seem to shake it. This is my HJT report:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\prefs.js)
    O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpB4EE.tmp
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WorkFlo] E:\NEW(D)~2\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NEWS 3 NOW.lnk = C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Please help!
     
  2. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi mjcat, you got some infections...

    You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    These are good (free) antiviruses:
    AVG Antivirus --> http://www.grisoft.com
    Avast --> http://www.avast.com

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

    Post the contents of this textfile to here.

    (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes.)

    Then post a new HijackThis log to here (post the full log this time, beginning with Logfile of HijackThis....)

    So post those two logs (HijackThis & SmitfraudFix) to here and we'll get you cleaned.
     
  3. mjcat

    Thanks for the reply. Seriously, it is nice to know there are people out there willing to help the ignorant. These are the 2 logs you requested.

    SmitFraudFix v2.41

    Scan done at 19:28:57.21, Mon 05/08/2006
    Run from C:\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dfrgsrv.exe FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\interf.tlb FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\mssearchnet.exe FOUND !
    C:\WINDOWS\system32\ncompat.tlb FOUND !
    C:\WINDOWS\system32\nvctrl.exe FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\sivudro.dll FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

    C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\MalwareWipe\ FOUND !
    C:\Program Files\Security Toolbar\ FOUND !
    C:\Program Files\SpywareQuake.com\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://www.beachnet.com/~wizzle/love/i-3rays.jpg"
    "SubscribedURL"="http://www.beachnet.com/~wizzle/love/i-3rays.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of HijackThis v1.99.1
    Scan saved at 7:46:07 PM, on 5/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YACGUFOW\HijackThis_v1.99.1[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\prefs.js)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpB99F.tmp
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WorkFlo] E:\NEW(D)~2\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NEWS 3 NOW.lnk = C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
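
Added example (not part of the original thread and not the helper's or the tools' own code): a small Python triage that cross-references the SmitfraudFix "FOUND !" paths with the HijackThis entries posted above, so the BHO loading hpB99F.tmp and the running mssearchnet.exe / nvctrl.exe stand out. The sample input is a handful of lines copied from the logs in this thread; the function names and the path-extraction regex are assumptions of this example.

```python
import fnmatch
import re

# Constructed sample input: lines copied from the SmitfraudFix and HijackThis
# logs posted in this thread, trimmed to a handful for the example.
SMITFRAUD_SAMPLE = r"""
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\mssearchnet.exe FOUND !
C:\WINDOWS\system32\nvctrl.exe FOUND !
C:\WINDOWS\system32\1024\ FOUND !
C:\Program Files\SpywareQuake.com\ FOUND !
"""

HIJACKTHIS_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\HJT\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpB99F.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
"""

# Section code at the start of a HijackThis entry line (R1, N3, O2, O16, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ")

# Assumption of this example: a Windows path runs from a drive letter to the
# first ".ext" that is followed by whitespace, a quote, a comma or end of line.
# That copes with spaces and dotted version folders, but not every odd path.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"*?<>|\r\n]+?\.[A-Za-z0-9]{2,4}(?=["\s,]|$)'
)


def parse_smitfraud(text):
    """Return the path patterns SmitfraudFix reported as 'FOUND !'."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("FOUND !"):
            patterns.append(line[: -len("FOUND !")].strip())
    return patterns


def parse_hijackthis(text):
    """Split a HijackThis log into process lines (PROC) and coded entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        paths = PATH_RE.findall(line)
        m = ENTRY_RE.match(line)
        if m:
            code = m.group(1)
        elif paths and line.startswith(paths[0]):
            code = "PROC"  # a line from the "Running processes:" block
        else:
            continue  # headers such as "Running processes:"
        entries.append({
            "code": code,
            "paths": paths,
            "file_missing": line.endswith("(file missing)"),
        })
    return entries


def matches(path, pattern):
    """Case-insensitive match; '?' is a wildcard, a trailing '\\' means folder."""
    pat = pattern.lower().replace("[", "[[]")  # keep '[' literal for fnmatch
    if pat.endswith("\\"):
        pat += "*"
    return fnmatch.fnmatchcase(path.lower(), pat)


def triage(hjt_text, smit_text):
    """Return (code, path, reason) for entries worth a closer look."""
    patterns = parse_smitfraud(smit_text)
    findings = []
    for e in parse_hijackthis(hjt_text):
        hit = next(
            (p for path in e["paths"] for p in patterns if matches(path, p)),
            None,
        )
        if hit:
            findings.append((e["code"], e["paths"][0], "smitfraudfix:" + hit))
        elif e["file_missing"]:
            # Review hint only: the same marker also appears on the avast!
            # service lines in the posted log.
            path = e["paths"][0] if e["paths"] else ""
            findings.append((e["code"], path, "file missing"))
    return findings


if __name__ == "__main__":
    for code, path, reason in triage(HIJACKTHIS_SAMPLE, SMITFRAUD_SAMPLE):
        print(f"{code:5} {path}  <- {reason}")
```
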

     
  4. JaPK

    Hi again and sorry for the long wait, I've been really busy :)

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
    We'll use it later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Go to Control Panel -> Add/Remove programs -> Remove SideStep if found

    Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbr...
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

    Delete these files (if found):
    C:\WINDOWS\msopt.dll
    C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll

    Run ATF Cleaner -> Check select all -> Press Empty selected

    When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
    A textfile will appear after the cleaning process, copy this file and paste it to here.
    The log is saved to your local disk drive, usually C:\rapport.txt.

    Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

    Scan and clean your computer with Ewido and save the log file.

    Make your hidden files invisible again

    Post the following logs to here:
    -> fresh HijackThis log
    -> Ewido's log too
    -> Contents of C:\rapport.txt
     
    Last edited: May 9, 2006
  5. mjcat

    Well I think I followed all of the instructions. This is what I came up with.

    wido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:32:26 PM, 5/9/2006
    + Report-Checksum: E880E116

    + Scan result:

    HKLM\SOFTWARE\Classes\BHO.CSBHO -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\BHO.CSBHO\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\BHO.CSBHO\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\BHO.CSBHO.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FCParam -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FCParam\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FCParam\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FCParam.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FctCall -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FctCall\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FctCall\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ComUtil.FctCall.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BHO1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BHO1\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BHO1\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BHO1.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometCursor -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometCursor\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometCursor\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometCursor.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometFrame -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometFrame\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometFrame\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometFrame.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometWindow -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometWindow\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometWindow\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CometWindow.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CS15Cursor -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CS15Cursor\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CS15Cursor\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.CS15Cursor.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.FileInfo -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.FileInfo\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.FileInfo\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.FileInfo.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.HttpComm -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.HttpComm\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.HttpComm\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.HttpComm.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.MyBrowser1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.MyBrowser1\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.MyBrowser1\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.MyBrowser1.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.SelfUpdater -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.SelfUpdater\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.SelfUpdater\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.SelfUpdater.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.System -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.System\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.System\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.System.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.WindowProxy -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.WindowProxy\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.WindowProxy\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Core.WindowProxy.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBRange.ByteRange -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBRange.ByteRange\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBRange.ByteRange\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSBRange.ByteRange.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSEngine -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSEngine\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSEngine\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSEngine.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSHost -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSHost\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSHost\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.CSHost.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.EvHandler -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.EvHandler\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.EvHandler\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSEng.EvHandler.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSCollection -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSCollection\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSCollection\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSCollection.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMServer.DMNotify -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMServer.DMNotify\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMServer.DMNotify\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\DMServer.DMNotify.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Puk.PukBHO -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Puk.PukBHO\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Puk.PukBHO\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Puk.PukBHO.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper\CLSID -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper\CurVer -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper.1 -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cc2k -> Adware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup
    HKU\S-1-5-21-3210968156-1267714937-1818040893-1003\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-3210968156-1267714937-1818040893-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup
    HKU\S-1-5-21-3210968156-1267714937-1818040893-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LLR6S3IZ\backups\backup-20060509-202421-619.dll -> Adware.Coupons : Cleaned with backup
    C:\Documents and Settings\Owner\My Documents\eicar.com -> Not-A-Virus.Eicar.TestFile : Cleaned with backup
    C:\Downloads\FamilyFeudSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup


    ::Report End

    Logfile of HijackThis v1.99.1
    Scan saved at 9:35:33 PM, on 5/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\prefs.js)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WorkFlo] E:\NEW(D)~2\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NEWS 3 NOW.lnk = C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  6. JaPK

    JaPK Regular member

    Ok, looking quite good...

    Restart your computer in safe mode.

    Fix this entry with HijackThis:
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Restart your computer normally.

    Post a new HijackThis log here and post the contents of C:\rapport.txt too.
     
  7. mjcat

    mjcat Member

    Here it is.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:42:20 PM, on 5/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vnjgka8z.slt\prefs.js)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WorkFlo] E:\NEW(D)~2\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NEWS 3 NOW.lnk = C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    SmitFraudFix v2.41

    Scan done at 17:56:46.28, Wed 05/10/2006
    Run from C:\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  8. JaPK

    JaPK Regular member

    Ok, you're clean now :) (the HjT log was taken from safe mode, right?)

    You've got many unnecessary start-ups. Do you want us to take those off and make your computer faster?
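
An added example, not part of the original thread: one way to check a follow-up HijackThis log against the previous one, confirming that only the fixed O18 entry disappeared and showing why a safe-mode log says little about what runs at normal startup. The two sample logs are constructed from lines quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed excerpts in HijackThis v1.99.1 layout, built from lines quoted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Section code (R1, N3, O4, O23, ...) followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section, detail) tuples for every registry/file entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:
                break
            procs.append(line)
    return procs

def diff_logs(before, after):
    """Entries removed from and added to the log between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]

def missing_file_entries(log_text):
    """Entries HijackThis marked '(file missing)': the target no longer exists on disk."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]

def autoruns_not_running(log_text):
    """O4 autoruns whose program is absent from the process list (expected in safe mode)."""
    procs = [p.lower() for p in running_processes(log_text)]
    return [e for e in parse_entries(log_text)
            if e[0] == "O4" and not any(p in e[1].lower() for p in procs)]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("autoruns not running in second log:", autoruns_not_running(AFTER))
```

The entry lines are read from the registry and startup folders, so the diff is valid in either boot mode; the process list is not, which is why a normal-mode log is still worth comparing afterwards.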
     
  9. mjcat

    mjcat Member

    Sorry it took so long to reply. Went to see my folks for Mother's Day. I did run the HJT log in safe mode, so I am ecstatic that my computer has a clean bill of health. Now about making it faster, what should I do?

    Also, I wanted to thank you again for your help. I have told many of my friends and colleagues, and they simply can't believe that there is a forum and knowledgeable people out there willing to help someone they don't even know. You have made me a less cynical person. So, again, I thank you.
     
  10. JaPK

    JaPK Regular member

    Ok, you can fix all these entries with HijackThis if you want to free your memory and make the startup and the shutdown faster. These are unnecessary startups:

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NEWS 3 NOW.lnk = C:\Program Files\Common Files\NEWS 3 NOW\TrueWeather.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    Then you could do some cleaning if you want...

    Download and install CCleaner -> http://www.ccleaner.com
    Clean your registry and temporary folders with it.

    Then you could post one more HijackThis log here, because the last one was taken in safe mode. I just want to be sure :)

    It is nice to hear that I've been able to help, you're welcome :)
     
    Last edited: May 14, 2006
