Spysweeper found blazefind,orbit,websearch toolbar

As far as AccountLogon, are you sure no one installed this:
http://www.download.com/AccountLogon/3000-2144-10197805.html

See this for Adroar:
http://sarc.com/avcenter/venc/data/adware.adroar.html

If this is too complex for you, please let me know and post a HijackThis log as a .txt file attachment (see the < Hijack This Tutorial And How To Post Your Log File > thread first to see what is expected of you)

 

But is it the AccountLogon program that I gave a link to? Do you think you or someone else may have installed it?

Yes post a HJT log attachment.

 

You did not follow the directions completely in the HijackThis tutorial. You have HJT running from the ZIP file. See this line in your log.

C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

You must put it into its own folder as indicated in the tutorial before we try to fix things with it. Extract it from the ZIP into its own folder (like c:\program files\hjt )

 

Did you use SpyBot or SpySweeper to protect your Internet Explorer\Control Panel with the below line:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Run HijackThis and select each item list below and the before clicking Fix shut down all browser sessions first including the one you are reading from right now.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: jimmyhelp.CBrowserHelper - {7A5F0F88-11BB-43AE-B4E7-FEF22315FB14} - C:\WINNT\xxqlex.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

Check out these other links on Adroar:
http://www.kephyr.com/spywarescanner/library/adroar/index.phtml
http://www.pestpatrol.com/pestinfo/a/adroar.asp

 

Also try this for fixing the Adroar problem:

Click Start, and then click Run. (The Run dialog box appears.)

Type, or copy and paste, the following text:
regsvr32 /u AdRoar.dll
then click OK. If a dialog box confirming this action appears, click OK.

​

Reboot in safe mode and delete (if found):
c:\windows\AdRoar.dll or c:\windows\system32\AdRoar.dll
c:\windows\ARUpdate.exe or c:\windows\system32\ARUpdate.exe

 

You can fix it! Why give them free advertisement? It's only a window title and you can change them to anything you like with no impact. If you want to keep it, that's fine.

Keep them fires in control! Can you make me an honorary fireman? I keep putting out fires here all the time.

 

If you just check another log on your PC and do not get:
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

But rather something like:

C:\Program Files\HijackThis\HijackThis.exe

then you are okay!

 

Kris,

I saw your PM of SpySweeper. It looks like it fixed everything. Are you saying you still have a problem? If so, with what. Try running SpySweeper from safe mode boot.

Sure post another HJT log attachment.

 

You HJT log is clean. Let me know it you find any other problems with SpyBot (try running it in safe mode too).

For the AccountLogon item in the registry, we may have to fix it by hand by editing the registry.

 

Do you have SpywareBlaster installed? If yes, ignore the SearchForIt message from SpyBot. It is a bug (just like the well know DSO Exploit issue with SpyBot). It is still a great program though.

I think most of your problems are due to fairly benign data stuck in your registry. I don't understand why SpySweeper told you it fixed the problems but they are still there. Either something is bringing them back (after a reboot or running some application) or SpySweeper is never really fixing them.

What version is your SpyBot? And what is the date of your detection rules? Click the Help, About selections. Also do the below to fix some settings in SpyBot. At the top of the screen select Mode, Advanced mode, then on the lower left select Settings. Now select Ignore Products. Right click on lower part of the right window and select "Deselect all".

Now if fully updated! Run SpyBot again.

Back aways you said you did the below:

Reboot in safe mode and delete (if found):
c:\windows\AdRoar.dll or c:\windows\system32\AdRoar.dll
c:\windows\ARUpdate.exe or c:\windows\system32\ARUpdate.exe

Did you actually find those files on your PC?

 

4 of them were checked by default (a bug) after install. As long as you did what I said you should be okay now. Also, note some malware will sometimes disable programs like SpyBot from detecting them. So it never hurts to check.

 

go here and download Registrar lite and install it: http://www.majorgeeks.com/download469.html

Click on the Search icon (the magnifier glass) and then enter in the Text to search for box:
adroar

then hit return. Tell me what you get on the right side window.
If you get a lot of them, does waste your time. Just right click on them and delete them. But first make sure it is really the Adroar that SpyBot is complaining about. See your first message with HKEY_USERS\....

 

Okay! Let me know one way or another.

 

Make a note of what SpySweeper gives you and look for the items in the registry using Registrar Lite and delete them the same way.

 

No! You don't want to. Now I think I see the problem, SpySweeper is finding lines in your registry that are used to block malware sites. SpyBot and SpywareBlaster and other programs put these there. SpySweeper is detecting the word blazefind.com, rather than determing if it is really a problem or not.

If you bought SpySweeper, I would email them and complain. If the other things it was detecting are in the same place, ignore them.

 

You're welcome.