A few problems (RESOLVED)
-
Hi,
There is something wrong with my computer and I can't seem to fix it. In fact there seem to be a few unrelated things all happening at once. I'll just list them. They are:
i) Computer is running slow with frequent hangs a la a virus but can't seem to find anything with AVG, Ad-Aware or Spybot. I've even used Pandsoft online with very limited success. Ad-aware seems particularly slow taking about 45 minutes to scan 110000 files.
ii) I can't seem to get a webcam to work in MSN Messenger on this computer. I have a basic Intel webcam (about 5-6 years old) and downloaded every driver that could possibly work it, and it refused to take any. I then bought a new webcam, a Genius VideoCAM Messenger, which happily installed but then couldn't be used in MSN. Whenever I tried, MSN would tell me that the webcam is not plugged in or it is being used by another program (no doubt the Messenger program that comes with it, even though I haven't opened it, and yes, I've plugged the cam in). I've heard it said that this particular camera is meant to be one of the best for use in MSN, but I just can't get that happening.
iii) Dan Penny, a moderator here, spent many, many hours helping me to restore this computer after a bad crash about five months ago. After the main problem was solved, there was a lingering problem of finding the correct Display Adapter drivers so that I could use more than just the 16 colours that I was getting. He eventually got the right one; however, ever since then (about three weeks ago) I've been noticing that some problems have remained. For instance, I have a fairly detailed wallpaper which distorts quite noticeably whenever the computer is not at its highest resolution, and at the moment I can't seem to get the computer to hold that. It's always on a slightly inferior resolution and I can't improve it.
Well, they are the main problems I'm facing at the moment. Any help would be greatly appreciated. I will post a HJT log for you as well.
Kindest regards,
Operaboy.
Logfile of HijackThis v1.99.0
Scan saved at 2:43:11 AM, on 3/30/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\STARTUP MECHANIC\STARTUPMONITOR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\VSNPSTD.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR WG311V2 ADAPTER\WLANCFG5.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
-
Oh, and another thing: the Foxie Suite loads and installs on my computer, but I cannot get the tabs to happen in Internet Explorer, which is the main reason I wanted the programme in the first place. All of the files download (although during installation it prompts that it needs to download some extra files that it needs to run - it does that and the installation finishes without incident). I have tried going into Toolbars but the Foxie Toolbar is not listed.
Any thoughts?
Thanks,
Operaboy.
-
Hi and welcome to DAL,
Your log got missed somehow, but let's try and see what we can do to help you.
Go to the link below and run the Trojan scanner and report back what happens there please.
http://www.emsisoft.com/en/software/download/
Plus a new hijackthis log.
-
Hi,
Please find below my latest a2squared scan log and HijackThis log.
a-squared Report
Scan started: 4/10/06 2:26:45 PM
Scan finished: 4/10/06 3:37:44 PM
Scan duration: 1h 10min 58sec
Scanned files: 103220
Infected files: 184
Object Diagnosis
C:\Program Files\funwebproducts Trace.Directory.FunWebProducts
C:\Program Files\mywebsearch Trace.Directory.MyWebSearchToobar
C:\Program Files\mywebsearch Trace.Directory.MyWebSearchToolbar
c:\My Documents\My Downloads\SmileyCentralFFSetup2.0.4.18.exe Adware.ToolBar.MyWebSearch
c:\My Documents\My Downloads\SmileyCentralFFSetup2.0.4.18(2).exe Adware.ToolBar.MyWebSearch
c:\Program Files\MSN Messenger\riched20.dll Adware.Win32.MyWebSearch
c:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR Adware.Win32.MyWebSearch
c:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL Adware.Win32.MyWebSearch
c:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE Adware.Win32.MyWebSearch
c:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL Adware.IWon.a
c:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL Adware.ToolBar.MyWebSearch.ad
c:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL Adware.Win32.MyWebSearch.i
c:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Adware.Win32.MyWebSearch.i
c:\WINDOWS\SYSTEM\Popular Screensavers.scr Adware.Win32.MyWebSearch
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hdnp2qv8.default\Cache\71667A48d01 Adware.ToolBar.MyWebSearch
c:\WINDOWS\Cookies\david thelander@serving-sys[2].txt Trace.TrackingCookie
Logfile of HijackThis v1.99.0
Scan saved at 4:04:09 PM, on 4/10/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\STARTUP MECHANIC\STARTUPMONITOR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPAMIHILATOR\SPAMIHILATOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR WG311V2 ADAPTER\WLANCFG5.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WORDBIZ\WORDBIZ.EXE
C:\WINDOWS\JVIEW.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FDM.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSBAR.DLL,S
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunServices: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O4 - Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
Kindest regards,
Operaboy.
-
Hi,
Go into Add/Remove Programs and remove (IF FOUND):
Lime Wire
My Web Search etc.
FunWebProducts
Reboot if anything was removed
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Run hijackthis and click on scan button and put checks next to these:
O2 - BHO: (no name) - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O4 - HKCU\..\RunServices: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...html?p=ZNfox000
With nothing but hijackthis open click on fix checked.
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press enter.
Hunt for and delete if present:
C:\PROGRAM FILES\MYWEBSEARCH < folder
C:\PROGRAM FILES\FunWebProducts < folder
C:\PROGRAM FILES\LIMEWIRE < folder
Do this also if these Temp Folders are part of your operating system.
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Next navigate to the C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK.
Reboot normal mode and post a hijackthis log please.
Last edited by Neal; 10-04-2006 at 08:38 PM.
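One way to check a HijackThis log for the entries targeted in the post above, as an added example that is not part of the original thread: it parses the `Xn - ...` entry lines and flags those that reference the folders listed for deletion, including the 8.3 short-name form (`MYWEBS~1`) that several of the Run entries use. The function names, the sample constant and the simplified alias rule (first six characters plus `~N`) are assumptions of this example.

```python
import re

# Constructed sample: a handful of entries copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\3.BIN\MWSBAR.DLL,S
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...html?p=ZNfox000
C:\WINDOWS\EXPLORER.EXE
"""

# Folder names taken from the "Hunt for and delete" list in the post.
WATCHLIST = ["MYWEBSEARCH", "FunWebProducts", "LIMEWIRE"]

# Entry lines start with a section code such as R0, N4, O4 or O16.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def short_alias(name):
    """Regex for the 8.3 alias of a long folder name, or None if none is needed.
    Simplified rule (assumption): drop spaces/dots, keep six characters, add ~N."""
    base = re.sub(r"[ .]", "", name).upper()
    if len(base) <= 8 and base == name.upper():
        return None  # the name already fits 8.3, so no alias exists
    return re.escape(base[:6]) + r"~\d"

def build_matcher(folder_names):
    parts = []
    for name in folder_names:
        parts.append(re.escape(name))  # long name, also catches URLs
        alias = short_alias(name)
        if alias:  # the alias must be a whole path component
            parts.append(r"(?<=\\)" + alias + r"(?=\\|$)")
    return re.compile("|".join(parts), re.IGNORECASE)

def parse_entries(log_text):
    """Yield (section, data) pairs; header and running-process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def flag_entries(log_text, folder_names=WATCHLIST):
    matcher = build_matcher(folder_names)
    return [(sec, data) for sec, data in parse_entries(log_text) if matcher.search(data)]

if __name__ == "__main__":
    for section, data in flag_entries(SAMPLE_LOG):
        print(section, "-", data)
```

Run against a log taken after the fix, an empty result means none of the listed folders is still referenced by a startup, BHO or context-menu entry.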
-
Hi there,
Thank you for that. Here is my latest HJT log. For some reason I could not locate a 'Documents and Settings' folder anywhere on my computer which could be a serious issue in itself but otherwise I carried out all of your instructions.
Kindest regards,
Operaboy.
Logfile of HijackThis v1.99.0
Scan saved at 2:41:32 PM, on 4/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\STARTUP MECHANIC\STARTUPMONITOR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPAMIHILATOR\SPAMIHILATOR.EXE
C:\PROGRAM FILES\NETGEAR WG311V2 ADAPTER\WLANCFG5.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
-
Hi,
Your log is clean, how is it running now?
Better give me a Panda scan log just in case:
www.pandasoftware.com/activescan/
Internet Explorer Required
Please run this online virus scan: ActiveScan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send (*NOTE: it's perfectly safe to do so. You will NOT be spammed from this)
- Select either Home User or Company
* Click the big Scan Now button
* If/when you get a notice that Panda wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on Local Disks to start the scan
* When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.
-
Everything is running beautifully, thank you so much.
Kindest regards,
Operaboy.
-
Hi,
Here is the Activescan log. The HJT log is on its way.
Kindest regards,
Operaboy.
Incident Status Location
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Profiles\David Thelander\Application Data\Mozilla\Firefox\Profiles\hdnp2qv8.default\cookies.txt[]
-

...and here is the HJT log.
Thanks,
Operaboy.
Logfile of HijackThis v1.99.0
Scan saved at 5:26:38 AM, on 4/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\STARTUP MECHANIC\STARTUPMONITOR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR WG311V2 ADAPTER\WLANCFG5.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FDM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\y0lfc6nq.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunOnce: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunOnce: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunServicesOnce: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServicesOnce: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .exe: C:\Program Files\\Netscape\\Netscape Browser\PLUGINS\npfdm.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab