Spy Sheriff

  #1 (permalink)  
Old 24-04-2006, 10:04 PM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 3
thebusker Is a beginner here at D-A-L
Spy Sheriff

Hi, I'm running Win XP Pro SP2 and I have recently picked up a pernickety little beastie which proclaims to be an anti-spyware program and keeps on popping up balloons insisting that I have spyware modules on my computer and inviting me to download (for a small fee) a program called Spy Sheriff. As I have found out, it is not an anti-spyware program at all; it is the spyware, and it won't go away. It has managed to get in under the radar (I run Norton, Ad aware SE, Spy on This). I have two icons in my taskbar that I cannot get rid of: one a yellow triangle and the other a yellow oval with a black exclamation mark inside. HELP!!! Below find my HijackThis file.

Logfile of HijackThis v1.99.1
Scan saved at 21:48:55, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\CAL\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SW] C:\Program Files\SpyOnThis\SpyOnThis.exe
O4 - Startup: spysheriff.lnk = C:\Program Files\SpywareSheriff\spysheriff.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\panppagn.dll (file missing)
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

TKS the busker
  #2 (permalink)  
Old 25-04-2006, 09:31 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Spy Sheriff

Welcome to DAL,


You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.



Please download Look2Me-Remover.exe by Atribune to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Remover.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Remover re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX



Next


Please download smitRem.zip and save it to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Please download, install, and update the free version of Ewido Security Suite:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes, the status bar at the bottom will display "Update successful"
  5. Exit Ewido. DO NOT run a scan yet.

http://www.majorgeeks.com/download506.html

If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O4 - Startup: spysheriff.lnk = C:\Program Files\SpywareSheriff\spysheriff.exe

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\panppagn.dll (file missing)
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll



Make sure nothing is open but HijackThis and click Fix checked.


Delete if present:

C:\Program Files\SpywareSheriff < folder
C:\WINDOWS\system32\panppagn.dll < file
C:\WINDOWS\SYSTEM32\winkve32.dll < file



Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Next, run Ad-aware and perform a full scan. Remove everything found.

Now open Ewido Security Suite
  • Click on Scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save Report
  • Save the report to your desktop
  • Close Ewido

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Website -> Uncheck "Security Info" if present.


Restart your computer in normal mode.

Run Panda's online virus scan and perform a full system scan. Make sure the Autoclean box is checked!

Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
__________________
Stalking and killing Spyware
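
A way to check the follow-up HijackThis log requested at the end of the post above against the entries selected for fixing. This is an added example, not part of the original post: the function names are assumptions, and the sample logs are short excerpts constructed from the two HijackThis logs in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - Startup: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return [(section_code, body)] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and forum
    # software may change spacing, so compare on a normalised form.
    code, body = entry
    return code, re.sub(r"\s+", " ", body).casefold()


def check_fix(checklist_text, before_text, after_text):
    """Compare the helper's checklist with the logs taken before and after."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    checklist = parse_entries(checklist_text)
    listed = {_key(e) for e in checklist}
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for entry in checklist:
        k = _key(entry)
        if k not in before:
            report["not_in_before"].append(entry)   # mistyped checklist line?
        elif k in after:
            report["still_present"].append(entry)   # fix did not stick
        else:
            report["removed"].append(entry)
    # Entries that appeared after the clean-up: review each one by hand.
    report["new_entries"] = [e for k, e in after.items() if k not in before]
    # Entries that vanished without being on the checklist.
    report["removed_unlisted"] = [
        e for k, e in before.items() if k not in after and k not in listed
    ]
    return report


# Constructed sample data: the checklist from the post above and excerpts
# of the first and second HijackThis logs in this thread.
CHECKLIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - Startup: spysheriff.lnk = C:\Program Files\SpywareSheriff\spysheriff.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\panppagn.dll (file missing)
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
"""

BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - Startup: spysheriff.lnk = C:\Program Files\SpywareSheriff\spysheriff.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\panppagn.dll (file missing)
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

if __name__ == "__main__":
    for name, items in check_fix(CHECKLIST, BEFORE, AFTER).items():
        print(f"{name}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries reported under `new_entries` and `removed_unlisted` are not verdicts; they are the lines worth reading by hand in the new log.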

  #3 (permalink)  
Old 26-04-2006, 11:43 PM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 3
thebusker Is a beginner here at D-A-L
Re: Spy Sheriff

Thank you, that seems to have done the trick alright, although it was a long night in front of the screen. Below are the files you asked me to post:



1. Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:29:10, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SpyOnThis\SpyOnThisMonitor.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\UltraSnap\UltraSnap.exe
C:\Documents and Settings\CAL\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SW] C:\Program Files\SpyOnThis\SpyOnThis.exe
O4 - HKCU\..\Run: [SpyOnThis Monitor] C:\Program Files\SpyOnThis\SpyOnThisMonitor.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2312FA-A632-4BF5-871E-5ADFA4DC2CF3}: NameServer = 212.74.114.129 212.74.112.66
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2. smitRem

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 25/04/2006
The current time is: 22:52:31.00

Running from
C:\Documents and Settings\CAL.WILLOW1\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 812 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!


3. EWIDO Report


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:27:29, 26/04/2006
+ Report-Checksum: 618E1414

+ Scan result:

HKU\S-1-5-21-220523388-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-220523388-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned with backup
C:\Documents and Settings\admin 1\Cookies\cal@microsoftuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wupdmgr.exe -> Not-A-Virus.Hoax.Win32.Renos.cq : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\0fb54ad28ee1cc4a51189614a4086d3c -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\22e7561ee39f821b70015be4e274643a -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\36fc88345dbed664aa9ed01642799111 -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\7cbfc451e63e0d9ec644c08ffb6e9107 -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\925bd75fb5b421d22734e22b7a272ec3 -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\9db469b33cab148afe8b3fac46e16bf6 -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\c9a9db8182aba5b0687bb33eb68d8df7 -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\f2c9917855d46af39450ae1df5c7facf -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\fbdaec802ec84b0caea54febf0355494 -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@e-2dj6wgkyeiajklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{79AB730B-4A93-4485-AD98-49B2447254E5} -> TrackingCookie.Overture : Error during cleaning
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{A77D9DBF-3E34-4485-BA32-E06041221D1F} -> TrackingCookie.Tribalfusion : Error during cleaning
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{F789113B-D98C-404E-B2AD-AE179E98C6E1} -> TrackingCookie.Atdmt : Error during cleaning
C:\WINDOWS\osaupd.exe -> Not-A-Virus.Hoax.Win32.Renos.cq : Cleaned with backup
C:\WINDOWS\system32\shell386.exe -> Not-A-Virus.Hoax.Win32.Renos.cm : Cleaned with backup
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup


::Report End---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:27:29, 26/04/2006
+ Report-Checksum: 618E1414

+ Scan result:

HKU\S-1-5-21-220523388-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-220523388-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned with backup
C:\Documents and Settings\admin 1\Cookies\cal@microsoftuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wupdmgr.exe -> Not-A-Virus.Hoax.Win32.Renos.cq : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\0fb54ad28ee1cc4a51189614a4086d3c -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\22e7561ee39f821b70015be4e274643a -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\36fc88345dbed664aa9ed01642799111 -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\7cbfc451e63e0d9ec644c08ffb6e9107 -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\925bd75fb5b421d22734e22b7a272ec3 -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\9db469b33cab148afe8b3fac46e16bf6 -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\c9a9db8182aba5b0687bb33eb68d8df7 -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\f2c9917855d46af39450ae1df5c7facf -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Application Data\SpyOnThis\cache\fbdaec802ec84b0caea54febf0355494 -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@e-2dj6wgkyeiajklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\CAL.WILLOW1\Cookies\cal@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Cookies\flamehead@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\flamehead.CAL1\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Cookies\flamehead@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Flamehead.WILLOW1\Local Settings\Temporary Internet Files\Content.IE5\WDAN09UJ\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{79AB730B-4A93-4485-AD98-49B2447254E5} -> TrackingCookie.Overture : Error during cleaning
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{A77D9DBF-3E34-4485-BA32-E06041221D1F} -> TrackingCookie.Tribalfusion : Error during cleaning
C:\Program Files\SpyOnThis\Quarantine\{C30380AC-D1A6-45B7-AA42-A92552F8FE2D}.zip/{F789113B-D98C-404E-B2AD-AE179E98C6E1} -> TrackingCookie.Atdmt : Error during cleaning
C:\WINDOWS\osaupd.exe -> Not-A-Virus.Hoax.Win32.Renos.cq : Cleaned with backup
C:\WINDOWS\system32\shell386.exe -> Not-A-Virus.Hoax.Win32.Renos.cm : Cleaned with backup
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup


::Report End


Many Thanks Again

The Busker
  #4 (permalink)  
Old 27-04-2006, 02:28 AM
Neal
Senior Member
Re: Spy Sheriff

Nice work, but you posted the Ewido log twice. Do you have the Panda scan log? It is very important that I see that, please.


Did you save the look2Me remover log also? If not that is ok.


How is your computer behaving now?
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

  #5 (permalink)  
Old 01-05-2006, 05:10 PM
thebusker
Newbie
Re: Spy Sheriff

Quote:
Originally Posted by Neal
Nice work, but you posted the Ewido log twice. Do you have the Panda scan log? It is very important that I see that, please.


Did you save the look2Me remover log also? If not that is ok.


How is your computer behaving now?
Hi Neal,

Yes, my computer is behaving very well just now. See below the active scan from Panda. However, I do not seem to have the look2me report.


Incident | Status | Location
Adware:adware/azesearch | Not disinfected | c:\windows\system32\azebar.xml
Potentially unwanted tool:application/adwaresheriff | Not disinfected | C:\Documents and Settings\CAL.WILLOW1\Desktop\Adware Reviews.url
Spyware:Cookie/Mp3search | Not disinfected | C:\Documents and Settings\admin 1\Cookies\cal@mp3search[1].txt
Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\admin 1\Cookies\cal@xiti[1].txt

Much obliged and I will get around to making a donation

Thanks again

The Busker
  #6 (permalink)  
Old 01-05-2006, 10:46 PM
Neal
Senior Member
Re: Spy Sheriff

Hi,

To clean your temp folder, recycle bin, etc., please download this free tool:

CCleaner

Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner"; just use the Windows tab up front by default.

Then Reboot (Exit)


Open HijackThis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.



Now reboot into Safe Mode by tapping your F8 key upon restart. When the safe mode screen appears, select Safe Mode and press Enter.


Delete this file:

c:\windows\system32\azebar.xml


Post a new HijackThis log and hopefully we can send you on your way with some free tools to help keep your computer safer than it is right now.


All times are GMT +1.