5 replies to this topic

[nilegodess18]

Hi,
I'm having trouble removing the Win32.SillyDI.UZ. Here is my hijackthis log. Can someone help?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\shannon\My Documents\hijackthis.log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O20 - AppInit_DLLs: repairs302972961.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter - Unknown - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[rridgely]

Welcome to the forum.
Always post the full hijackthis log.(you cut off the top)
Your computer is infected so lets clean it up.

Download AVG Anti-Spyware

• Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  
• After the update finishes (the status bar at the bottom will display "Update successful")
  
• Click on the Scanner tab at the top and then click on Complete System Scan
  
• Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  
• Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back

Note that this is not AVG antivirus but the program formally known as Ewido.

--------
Download Superantispyware

• Load Superantispyware and click the check for updates button.
  
• Once the update is finished click the scan your computer button.
  
• Check Perform Complete Scan and then next.
  
• Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  
• Make sure that they all have a check next to them and press next.
  
• Click finish and you will be taken back to the main interface.
  
• Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  
• Copy and paste the log onto the forum.

Come back with the ewido log, the superantispyware log, and a new hijackthis log.

[nilegodess18]

Thank you so much for your help!


-----------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:13:11 AM 11/28/2006

+ Scan result:



C:\WINDOWS\SYSTEM32\silent_ventura5.exe -> Adware.EliteBar : Ignored.
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Ignored.
C:\WINDOWS\SYSTEM32\repairs302972961.dll -> Adware.SurfSide : Ignored.
C:\WINDOWS\SYSTEM32\wuamgrd.RB0 -> Backdoor.SpyBoter.by : Cleaned with backup (quarantined).
C:\WINDOWS\zaebalinah.RB0 -> Downloader.Apher : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\msshed32.RB0 -> Downloader.Delf.ep : Cleaned with backup (quarantined).


::Report end

SUPERAntiSpyware Scan Log
Generated 11/28/2006 at 11:06 AM

Application Version : 3.3.1020

Core Rules Database Version : 3137
Trace Rules Database Version: 1154

Scan type : Complete Scan
Total Scan Time : 00:45:06

Memory items scanned : 417
Memory threats detected : 1
Registry items scanned : 4661
Registry threats detected : 33
File items scanned : 24006
File threats detected : 124

Adware.SurfSideKick
C:\WINDOWS\SYSTEM32\REPAIRS302972961.DLL
C:\WINDOWS\SYSTEM32\REPAIRS302972961.DLL
C:\Documents and Settings\shannon\Application Data\Sskdmns.dll
C:\WINDOWS\SYSTEM32\BK.EXE

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Adware.Tracking Cookie
C:\Documents and Settings\shannon\Cookies\shannon@partner2profit[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@4145[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@c.enhance[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@as-eu.falkag[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@ads.monster[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@adopt.euroclick[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@burstnet[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.redorbit[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.stopzilla[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@stats-tracking[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@tacoda[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@hbmediapro[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@onlinerewardcenter[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@lynxtrack[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@cpvfeed[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@yieldmanager[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@windowsmedia[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@rotator.adjuggler[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@atwola[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@server.cpmstar[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@serviceswitching[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@serving-sys[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@certified-safe-downloads[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.ppctracking[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@4100[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@doubleclick[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@leadgenetwork[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@7[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@adrevolver[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@559[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@offeroptimizer[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@www7.paypopup[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@azjmp[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@edge.ru4[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@stats1.reliablestats[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@adecn[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.burstbeacon[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@276[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@tribalfusion[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.azoogleads[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@media.top-banners[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@adserver.sharewareonline[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@redorbit[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@advertising[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@adknowledge[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@ad.yieldmanager[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@4149[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@kmpads[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@redorbit.healthology[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@ad.zanox[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@hurricanedigitalmedia[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@ads.cc214142[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@2o7[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@emarketmakers[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@bigbanners[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@centralmedia[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@0[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.xctrk[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@djbanners.deadjournal[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@belnk[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@dist.belnk[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@revsci[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@hits.clickandtrack[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@jamster[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@ads.realtechnetwork[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@nextag[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@adopt.hbmediapro[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@ads.realcastmedia[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@adopt.specificclick[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@kanoodle[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@www.888[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@a.websponsors[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@partypoker[1].txt
C:\Documents and Settings\shannon\Cookies\shannon@ad.admarketplace[2].txt
C:\Documents and Settings\shannon\Cookies\shannon@desktop[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adcentriconline[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.mediadevil[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adv.webmd[2].txt
C:\Documents and Settings\Owner\Cookies\owner@asm.roitrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner\Cookies\owner@c.sexcounter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@certified-safe-downloads[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clickability[1].txt
C:\Documents and Settings\Owner\Cookies\owner@creativeby.viewpoint[1].txt
C:\Documents and Settings\Owner\Cookies\owner@djbanners.deadjournal[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliuoajsfp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@focalex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@freebannertrade[2].txt
C:\Documents and Settings\Owner\Cookies\owner@icc.intellisrv[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ilead.itrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@intellisrv[1].txt
C:\Documents and Settings\Owner\Cookies\owner@macromedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media[2].txt
C:\Documents and Settings\Owner\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sex2go[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sexadditions[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sexoflover[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@windowsmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.nextsexpics[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.sex2go[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.sextutorials[2].txt
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt

Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc

Adware.Mirar/NetNucleus
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
C:\WINDOWS\876056.EXE

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\DRTEMP\POLALL2C.EXE
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\A4D90079-A0D9-4FE5-A0C8-A043EA\F40EAC77-44B7-447A-9153-C6C8DA

WebsiteViewer Threat
C:\DOCUMENTS AND SETTINGS\SHANNON\RECENT\WEBSITEVIEWER.LNK

Adware.BookedSpace
C:\WINDOWS\DBPNKQUD.DLL

Trojan.HideDial-B
C:\WINDOWS\IBS.EXE

RelevantKnowledge Spyware Component
C:\WINDOWS\SYSTEM32\RK.BIN

Adware.Elite Media
C:\WINDOWS\SYSTEM32\SILENT_VENTURA5.EXE

Adware.BetterInternet
C:\WINDOWS\THIN-137-3-X-X.EXE

Adware.CasinoClient
C:\WINDOWS\TMP333.EXE

Logfile of HijackThis v1.99.0
Scan saved at 12:39:00 PM, on 11/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\shannon\My Documents\hijackthis.log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O20 - AppInit_DLLs: repairs302972961.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter - Unknown - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[rridgely]

Please scan with AVG antispyware again and set everything it found to remove. Then post the log like you did last time with a new hijackthis log.

Also if your disabling things with MS config please enable them all and then reboot before generating the new hijackthis log.

[nilegodess18]

here it is.........

Logfile of HijackThis v1.99.0
Scan saved at 10:26:35 PM, on 11/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\shannon\My Documents\hijackthis.log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [xfnqgtvq] c:\windows\system32\xfnqgtvq.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\rrwrkk.exe reg_run
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\mcafee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [OSS] C:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe
O4 - HKLM\..\Run: [MCUpdateExe] "C:\Program Files\mcafee.com\Agent\mcupdate.exe" /embedding
O4 - HKLM\..\Run: [MCAgentExe] "C:\Program Files\mcafee.com\Agent\mcagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dcvuqyd] C:\WINDOWS\dcvuqyd.exe
O4 - HKLM\..\Run: [azdjeif] C:\WINDOWS\azdjeif.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O20 - AppInit_DLLs: repairs302972961.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter - Unknown - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:13:10 PM 11/27/2006

+ Scan result:



C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP815\A0174310.dll -> Adware.BookedSpace : Cleaned.
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP815\A0174312.exe -> Adware.EliteBar : Cleaned.
HKLM\SOFTWARE\Microsoft\Webext -> Adware.Ezula : Cleaned.
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP815\A0174308.exe -> Adware.Mirar : Cleaned.
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Adware.Pacer : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\H4K639JP\Install[1].cab/Install.dll -> Adware.SpywareStorm : Cleaned.
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP815\A0174333.dll -> Adware.SurfSide : Cleaned.
C:\WINDOWS\msxmidi.RB0 -> Downloader.Apher : Cleaned.
C:\WINDOWS\msxmidi.exe -> Downloader.Apher : Cleaned.
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP815\A0174311.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\140.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\1468.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\1644.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\1866.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\1877.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2384.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2409.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2592.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2619.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2742.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\2937.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\3017.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\3223.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\3711.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\392.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\4791.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5016.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5271.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5469.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5482.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5603.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5705.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5907.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\5937.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\6066.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\6207.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\6479.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\7445.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\7877.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\7944.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\8011.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\9191.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\9360.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\941.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\9457.exe -> Downloader.Delf.gz : Cleaned.
C:\WINDOWS\9738.exe -> Downloader.Delf.gz : Cleaned.
C:\counter.cab/counter.exe -> Dropper.Agent.az : Cleaned.
C:\WINDOWS\1003.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\1132.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\1651.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\1978.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\2692.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\28.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\3139.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\3275.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\3327.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\3863.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\453.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\4783.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\4845.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\5031.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\5274.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\5758.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\5869.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6082.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6298.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6383.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6533.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6830.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6831.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6846.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\6864.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\7219.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\732.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\771.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8468.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\856.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\862.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8635.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8725.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8827.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8864.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\8922.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\9105.exe -> Hijacker.StartPage.tf : Cleaned.
C:\WINDOWS\SYSTEM\unppc.exe -> Hijacker.StartPage.tk : Cleaned.
:mozilla.414:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.716:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.761:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.827:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\shannon\Cookies\shannon@abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.498:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.499:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.500:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.488:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.489:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.490:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.491:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.492:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.493:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.516:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.517:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.536:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.537:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.539:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.551:C:\Documents and Settings\shannon\Application Data\Mozilla\Firefox\Profiles\u0dnad1h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

[rridgely]

Run BitDefender Online Scanner

• Using internet Explorer please go HERE to run BitDefender's Online scan.
  
• Read the terms and then click I Agree
  
• You may receive a Security Warning about the BitDefender ActiveX control, If you do, please allow it to install.
  
• On the scanning Options screen, Press Click Here To Scan and then follow the on screen prompts.
  
• Once bit defender is finished scanning your computer it will automatically remove the infections. Once the removal process is finished press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of bitdefender. You do not have to do this but what you do want to do is press the button that says "view log" and then copy and paste that log into notepad and save it to your desktop as bitdefender.txt.
  
• Reboot your computer

-----------------

Post a new hijackthis log and the bitdefender log after the reboot.