
Little Help? Got my HijackThis, BitDefender, & ActiveScan Logs

Could I please get some help cleaning myself out? I'm not the most knowledgeable user, but I know better than to use IE :) My wife was playing with some MySpace ads, and of course... installed every Yahoo game known to man.

Symptoms:
I continually hear a clicking noise. It's weird.
I also, for a short time, had a blue screen with a small grey box centered on it.
When trying to use a full-screen game or window, I seem to be getting ALT-TABBED out of it when the clicking noise happens. Even now, as I'm typing, this window gets ALT-TABBED out of to nothing. It just becomes inactive until I click it again.

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 3:04:49 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {78F8C7DC-143A-4858-8E4B-39AE98CCB179} - C:\Program Files\Movie Maker\medonufa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

ActiveScan:

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.com.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.peel.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[hc2.humanclick.com/hc/11199995]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bb5grod1.default\cookies.txt[www.myaffiliateprogram.com/]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-6d412b6d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-6d412b6d.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-6d412b6d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-6d412b6d.zip[Beyond.class]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@adopt.hbmediapro[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@bluestreak[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@c.enhance[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@c5.zedo[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@fortunecity[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@hitbox[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@revenue[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@tribalfusion[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brandon\Cookies\brandon@zedo[2].txt
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\rmtag3[2].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\rmtag3[2].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\rmtag3[3].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\rmtag3[4].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\WDAROTUV\rmtag3[1].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\WDAROTUV\rmtag3[3].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\XC9XOP5L\rmtag3[1].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\XC9XOP5L\rmtag3[3].js
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Ssk.log


I can provide my BitDefender log on request.

Can somebody please help me out? I'm lost here.

Comments

  • edited June 2006
    Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Then launch HijackThis and place a checkmark by the following entries:
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll (file missing)

    Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


    This file is pretty suspicious:
    C:\WINDOWS\system32\WPDShServiceObj.dll
    Please locate the file, then right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.





    Please post these in your next reply:
    A new Panda ActiveScan log
    A new HijackThis log
    File Properties of WPDShServiceObj.dll