Help with popups

panthershutch15
2007-01-13, 17:49
I sometimes leave my PC to come back to 20+ pop-ups from Internet Explorer at the bottom of my screen. Sometimes they are not there, but when this happens the computer performance is terrible and trying to close each pop-up just freezes the computer.

The computer is probably 3-4 years old and is the family computer. I've tried many pop-up blockers and virus scanners, but this is still a problem. I do not even use Internet Explorer as my web browser and have tried to uninstall it, but the pop-ups still come from Internet Explorer, oftentimes saying "About: blank".

Here is the only result from the eTrust antivirus scanner:

Scan Results: 68176 files scanned. 1 virus was detected.

File Infection Status Path
smzou.dll Win32/Clspring.GF infected C:\WINDOWS\system32\

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:42 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
c:\program files\common files\aol\1129685037\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129685037\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [82186d127b7a] C:\WINDOWS\System32\dnsrslvr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\a.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [anotherap2] C:\WINDOWS\mmpopoct.exe
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xwkvhthc.dll",setvm
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (ISEXEng) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I notice a lot of things from AOL in the HJT log. I stopped using AOL about a year ago and no longer need anything from them. I now use SBC Yahoo.

Thanks for the help! It is appreciated!
Kris
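As an added example (not code from this thread, from HijackThis, or from the Safer Networking helpers), the following Python script parses the item lines of a log like the one above and flags the kinds of entries a helper reads for by eye: Trusted Zone additions, autostarts launched from directories that rarely hold legitimate programs, a core Windows binary name living outside system32, orphaned entries whose file is gone, and ActiveX downloads (O16) served from a domain that was also added to the Trusted Zone (O15). The heuristic lists `ODD_AUTOSTART_DIRS` and `CORE_SYSTEM_BINARIES`, the flag names and the function names `parse_hjt` and `triage` are this example's own assumptions; the sample lines are copied from the log above.

```python
"""HijackThis log triage helper (added example, not part of this thread or of HijackThis).

parse_hjt() splits a HijackThis v1.99-style log into its item lines (R0/R1 browser
settings, O2 BHOs, O4 autostarts, O15 Trusted Zone, O16 ActiveX downloads, ...),
ignoring the header and the process list.  triage() then applies the kinds of checks
a forum helper does by eye.  The heuristic lists and flag names are this example's
own assumptions; the sample lines are copied from the first log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# "O4 - HKLM\..\Run: [...]" style lines; the code is the HijackThis section id.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# A quoted or unquoted Windows path such as "C:\Program Files\x.exe" or C:\WINDOWS\a.exe.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
URL_RE = re.compile(r"https?://\S+")

# Assumption: directories that rarely hold legitimate autostart binaries.
ODD_AUTOSTART_DIRS = (
    "\\windows\\config\\", "\\windows\\inf\\", "\\windows\\java\\",
    "\\windows\\msagent\\", "\\windows\\tasks\\", "\\windows\\system32\\setup\\",
)
# Assumption: core Windows binaries whose real copies live only in system32.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return one Entry per item line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def _first_path(body):
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else None


def _trusted_zone_domains(entries):
    """Domains added to IE's Trusted Zone, from 'Trusted Zone: *.example.com (HKLM)'."""
    domains = set()
    for e in entries:
        if e.code == "O15" and e.body.startswith("Trusted Zone:"):
            pattern = e.body.split(":", 1)[1].split()[0]
            domains.add(pattern.lstrip("*.").lower())
    return domains


def triage(entries):
    """Attach flags to suspicious entries and return only the flagged ones."""
    trusted = _trusted_zone_domains(entries)
    for e in entries:
        e.flags = []  # idempotent: re-running triage() does not duplicate flags
        if "(file missing)" in e.body or "(no file)" in e.body:
            e.flags.append("orphaned-entry")  # registry debris left behind by a removed component
        if e.code == "O15" and e.body.startswith("Trusted Zone:"):
            e.flags.append("trusted-zone-addition")  # site runs under relaxed IE security
        if e.code == "O4":
            path = _first_path(e.body)
            if path is None:
                e.flags.append("autostart-without-full-path")
            else:
                low = path.lower()
                if any(d in low for d in ODD_AUTOSTART_DIRS):
                    e.flags.append("autostart-from-unusual-dir")
                name = low.rsplit("\\", 1)[-1]
                if name in CORE_SYSTEM_BINARIES and "\\system32\\" not in low:
                    e.flags.append("system-binary-name-outside-system32")
        if e.code == "O16":
            m = URL_RE.search(e.body)
            host = (urlparse(m.group(0)).hostname or "").lower() if m else ""
            if any(host == d or host.endswith("." + d) for d in trusted):
                # ActiveX download whose source domain was also whitelisted in the Trusted Zone.
                e.flags.append("activex-from-trusted-zone-domain")
    return [e for e in entries if e.flags]


# Constructed sample: eleven item lines copied from the first log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
"""

if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.code, ", ".join(e.flags), "::", e.body)
```

Run as-is to print the flagged lines from the sample. The flags are leads for a human, not verdicts: an autostart without a full path can be perfectly legitimate, and the lists above are far from complete. The cross-check between O15 and O16 is what makes the elitemediagroup.net and imagesrvr.com downloads stand out, while the ca.com web scanner, whose domain is not in the Trusted Zone, passes unflagged.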

teacup61
2007-01-14, 23:42
Hello Kris,

Welcome to Safer Networking Forums :)

Quite a bit going on here, so the AOL stuff will get done a bit later, but we will get rid of it. ;)



1. Download AVG Anti-Spyware (formerly Ewido) from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30-day trial of the program.
Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete, run AVG and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet.

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into Safe Mode. You can do this by restarting your computer and tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, as it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG will now begin the scanning process; be patient, this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted; then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
Close AVG and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "Scriptline to execute" field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the AVG text report that you saved and a new HijackThis log.

Thanks,
tea

panthershutch15
2007-01-15, 02:43
Thank you for the welcome and for the help. It is greatly appreciated.

I went through everything you asked me to do. The information you have asked for is below.

** The AVG scan report doesn't seem to want to open correctly, just a bunch of symbols and letters. So, I went back into AVG and posted the report from inside the program **

Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 7:37:23 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Updater.exe
C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mmxonehour.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\tASKS\smss.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
c:\program files\common files\aol\1129685037\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129685037\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\system32\WWEXEC~1.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

panthershutch15
2007-01-15, 02:44
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:23:19 PM 1/14/2007

+ Scan result:

C:\WINDOWS\system32\bitsprx4.dll -> Adware.AdRotate : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\axo.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113837.EXE -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113838.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\apgfllvh.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\epi_sca6.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76A.tmp -> Adware.EliteMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nsy1C44.dll -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dnsrslvr.exe -> Adware.IEDriver : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildArcade -> Adware.MidAddle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1108\A0114019.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Support Software -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Support Software\Params -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.fr1AD6 -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.fr447B -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1095\A0113214.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1096\A0113262.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1103\A0113476.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113718.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116742.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116743.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smzou.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\rk.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118167.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118168.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\Uninstall.exe -> Adware.SearchClickAds : Cleaned with backup (quarantined).
C:\Program Files\KewlBar 5.0\toolbar.dll -> Adware.SearchIt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp\SAccU.exe -> Adware.SurfAcc : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D487068E-9B04-4FE5-8A83-08344F800BF5} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113722.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113913.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113917.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113918.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113920.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113921.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113922.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113939.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\A0113951.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-2.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-20.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-43.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113914.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116190.dll -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116191.exe -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116156.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116157.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116158.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116159.INI -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116160.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116163.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116164.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116167.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116168.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116171.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116172.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116174.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116726.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116727.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116728.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116729.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118331.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118378.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118379.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118380.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118381.INI -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118382.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118385.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118386.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118389.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118390.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118393.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118394.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118396.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119135.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119140.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119141.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119142.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119143.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temporary Internet Files\Content.IE5\44T9YT85\installdrivecleanerstart[1].cab/UDC6_0001_D19M2808NetInstaller.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116187.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116188.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76C.tmp -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nwinpsap.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qwintsap.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bcjcjpxc.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fbbtsmxb.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mbbdyrwo.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sqjpejod.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\WINDOWS\ab_01.exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
[1268] C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
[252] C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1115\A0114203.EXE -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.be : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116747.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\WINDOWS\Taga96.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\a.exe -> Downloader.VB.xq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1147\A0118336.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\919_131.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113861.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\mmpopoct.exe -> Hijacker.VB.qd : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.frBA1E -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\snapshot\MFEX-4.DAT -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Cookies\case managment@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.18:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

panthershutch15
2007-01-15, 02:45
:mozilla.30:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.36:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.815:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.877:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.730:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.731:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.732:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.809:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.811:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.812:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[3].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.260:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.261:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.262:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.265:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.266:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.290:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[4].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[5].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.130:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.139:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Burstnet : Cleaned.
:mozilla.778:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.779:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.780:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.781:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www3.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Clickbank : Cleaned.
:mozilla.579:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cliks[3].txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.219:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.224:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78D.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.

panthershutch15
2007-01-15, 02:46
C:\WINDOWS\system32\utmmifxe.dll -> Trojan.BHO.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116189.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051018214002.zip/WINDOWS/systb.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\msbbi.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76B.tmp -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1094\A0113208.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1095\A0113216.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1096\A0113264.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1103\A0113477.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113715.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1115\A0114207.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116744.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113719.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113720.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\Setup99.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

teacup61
2007-01-15, 03:49
Hello,

Okay, lots to do this time, so before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

Via Add/Remove Programs, uninstall/remove anything relating to AOL.

Also uninstall Spyware-Cop
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Reboot when you're done removing those.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: "C:\Program Files\BearShare\BearShare.exe" /pause <-----it's never good to have P2P on startup!!
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following, if still present:

C:\PROGRA~1\COMMON~1\AOL<----this folder
C:\Program Files\AOL Toolbar<----this folder
C:\Program Files\KewlBar<----this folder
C:\Program Files\America Online 9.0b<----this folder
C:\PROGRA~1\SPYWAR~1<----this will be the Spyware-Cop folder

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files; click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer; click OK. Please post the contents of C:\vundofix.txt.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

How is your computer running after all that? :)

Thanks,
tea
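The entries teacup61 picked out above share a few recognisable patterns: BHOs and toolbars whose DLL is already gone, O15 Trusted Zone additions for ad domains, O16 ActiveX downloads, O20 Winlogon Notify hooks pointing at .dat files in Temp, and O4 autoruns launched from odd Windows subfolders or impersonating system process names. The script below is an added triage helper (not a tool from this thread or from HijackThis) that applies those heuristics to HJT v1.99-format lines; the sample log is constructed from entry formats that appear in this thread, and the directory list and regexes are assumptions chosen for this example.

```python
"""Flag HijackThis log entries that match the patterns the helper acted on."""
import re
from dataclasses import dataclass

# Constructed sample, copied from the entry formats seen in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
"""

# "R1 - body", "O2 - body", ... : HJT section code, then the entry text.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")

# Assumed list: Windows subfolders that legitimate autoruns do not normally
# launch from (all appear as O4 launch paths in the helper's post).
ODD_AUTORUN_DIRS = (
    "\\windows\\config\\", "\\windows\\inf\\", "\\windows\\java\\",
    "\\windows\\msagent\\", "\\windows\\tasks\\", "\\windows\\system32\\setup\\",
)
# Core system process names that only belong in System32.
SYSTEM_PROCESS_RE = re.compile(r"\\(smss|csrss|winlogon|svchost|lsass)\.exe")
# A .dat file under a Temp folder used as a Winlogon Notify DLL.
TEMP_DAT_RE = re.compile(r"\\temp\\[^\\]+\.dat\b")


@dataclass
class Finding:
    kind: str        # HJT section code, e.g. "O2"
    entry: str       # the full log line
    reasons: list    # why it was flagged


def classify(line: str):
    """Return a Finding for a suspicious HJT line, or None if nothing matched."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    low = body.lower()
    reasons = []
    if kind in ("R0", "R1") and low.endswith("= about:blank"):
        reasons.append("IE start/search URL reset to about:blank")
    if kind in ("O2", "O3", "O9") and ("(file missing)" in low or "(no file)" in low):
        reasons.append("orphaned %s entry: registered component is no longer on disk" % kind)
    if kind == "O15":
        reasons.append("site added to the IE Trusted Zone (relaxes zone restrictions for it)")
    if kind == "O16":
        reasons.append("ActiveX control (DPF) registered from a remote .cab")
    if kind == "O20" and TEMP_DAT_RE.search(low):
        reasons.append("Winlogon Notify hook loading a .dat file from a Temp folder")
    if kind == "O4":
        if any(d in low for d in ODD_AUTORUN_DIRS):
            reasons.append("autorun launched from an unusual Windows subfolder")
        if SYSTEM_PROCESS_RE.search(low) and "\\system32\\" not in low:
            reasons.append("system process name launched from outside System32")
    return Finding(kind, line.strip(), reasons) if reasons else None


def triage_log(text: str) -> list:
    """Run classify() over every line of an HJT log and keep the hits."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            f = classify(line)
            if f is not None:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.kind, "|", f.entry)
        for r in f.reasons:
            print("    -", r)
```

Entries that match none of the heuristics (the AOL dialer and service here) are left for manual review, which is the same judgement the helper applied when choosing to remove AOL via Add/Remove Programs rather than through HJT.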

panthershutch15
2007-01-15, 21:59
Here are the VundoFix results.


VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 10:59:57 AM 1/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisrbvfx.dll
C:\WINDOWS\system32\jisrbvfx.dll Has been deleted!

Performing Repairs to the registry.
Done!



ComboFix file:

"Case Managment" - 07-01-15 14:31:42 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adrot-uninst.exe
C:\INSTALL.LOG
C:\WINDOWS\Eim03.exe
C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\ēSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 19:29 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 12:01 124,180 --a------ C:\WINDOWS\system32\cxejgras.dll
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT
2006-12-27 11:16 147,476 --a------ C:\WINDOWS\system32\qjtoemgs.dll
2006-12-15 13:18 124,180 --a------ C:\WINDOWS\system32\anywrkng.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"Mell Reg Reminder"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070115-105442-737
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20070115-105441-932
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
backup-20070115-105442-521
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
backup-20070115-105441-499
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
backup-20070115-105440-742
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
backup-20070115-105440-413
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20070115-105439-316
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20070115-105441-239
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
backup-20070115-105438-446
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
backup-20070115-105438-548
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
backup-20070115-105438-225
O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070115-105438-471
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
backup-20070115-105438-212
O15 - Trusted Zone: *.mediatickets.net (HKLM)
backup-20070115-105438-808
O15 - Trusted Zone: *.media-motor.com (HKLM)
backup-20070115-105438-609
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
backup-20070115-105438-342
O15 - Trusted Zone: *.kabum.pl (HKLM)
backup-20070115-105438-441
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070115-105438-892
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
backup-20070115-105438-497
O15 - Trusted Zone: *.gimmycash.com (HKLM)
backup-20070115-105438-452
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
backup-20070115-105438-800
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
backup-20070115-105438-106
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
backup-20070115-105438-249
O15 - Trusted Zone: *.freeemotes.com
backup-20070115-105438-894
O15 - Trusted Zone: *.elitemediagroup.net
backup-20070115-105437-832
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
backup-20070115-105438-977
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
backup-20070115-105436-366
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-322
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105436-670
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
backup-20070115-105435-493
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-808
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105435-458
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
backup-20070115-105435-640
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
backup-20070115-105435-539
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
backup-20070115-105435-105
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
backup-20070115-105435-407
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20070115-105435-768
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
backup-20070115-105435-155
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
backup-20070115-105435-430
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
backup-20070115-105435-415
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
backup-20070115-105435-212
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
backup-20070115-105435-883
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
backup-20070115-105435-132
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
backup-20070115-105435-843
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
backup-20070115-105435-521
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20070115-105435-660
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
backup-20070115-105435-733
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
backup-20070115-105435-522
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20070115-105435-672
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
backup-20070115-105435-447
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
backup-20070115-105435-346
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
backup-20070115-105435-874
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
backup-20070115-105435-453
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
backup-20070115-105435-720
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
backup-20070115-105435-838
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070115-105435-887
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-302
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
backup-20070115-105435-804
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
backup-20070115-105435-726
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
backup-20070115-105435-997
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-661
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
backup-20070115-105435-743
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
backup-20070115-105435-439
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
backup-20070115-105435-134
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-735
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070115-105435-998
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
backup-20070115-105435-244
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
backup-20070115-105435-771
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
backup-20070115-105435-440
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
backup-20070115-105435-572
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
backup-20070115-105435-305
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-483
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20070115-105435-273
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-668
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-431
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
backup-20070115-105435-524
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
backup-20070115-105435-639
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-15 14:39:33

panthershutch15
2007-01-15, 22:00
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:41 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Thanks for all of the help again.

The PC seems to be running a bit faster and in the last 20-30 minutes of being online I have not had any popups.

panthershutch15
2007-01-15, 22:02
Forgot to mention, I couldn't find the following...


Navigate to and delete the following, if still present:

C:\PROGRA~1\COMMON~1\AOL<----this folder
C:\PROGRA~1\SPYWAR~1<----this will be the Spyware-Cop folder

teacup61
2007-01-15, 23:32
Hello,

This looks much better! Glad to know it's running better too. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<---this is a resource hog deluxe.

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following files, if present:

C:\WINDOWS\system32\anywrkng.dll << This file
C:\WINDOWS\system32\qjtoemgs.dll << This file
C:\WINDOWS\system32\cxejgras.dll << This file
C:\WINDOWS\system32\wintsvtr.exe << This file

Do a search for and delete anything AOL.

Reboot your computer.

Please run ComboFix again and post the report, along with a new HijackThis log. Let me know how all this went. We may have to get tough with AOL. Do you still use AIM? I didn't include it before, since I know you can use it independently of AOL itself. :)

Thanks,
tea
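
Added example, not something from this thread or from the HijackThis and ComboFix tools themselves: a short Python script that applies the kinds of checks the helper is making by hand above to HijackThis 1.99.1 log lines. It flags loading points whose file is already gone, anything registered out of a Temp directory, every O15 Trusted Zone addition, O16 ActiveX downloads from hosts not on an allowlist, and executables that either carry a core system process name outside System32 or launch from directories that hold no legitimate startup programs. The sample lines are copied or adapted from the logs posted in this thread; the host allowlist, the directory watchlist and the rule names are assumptions made for the example.

```python
"""Mechanical first-pass triage of HijackThis 1.99.1 log lines (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    rule: str
    section: str  # HijackThis section code: O2, O4, O15, ...
    line: str


# Assumed allowlist of O16 (Downloaded Program Files) hosts that get no finding.
TRUSTED_DPF_HOSTS = {"download.av.aol.com", "www3.ca.com", "www.musicnotes.com"}

# Core XP binaries that belong only in System32; a same-named file anywhere else
# is masquerading (the thread's "C:\WINDOWS\tASKS\smss.exe" is the model case).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe"}

# Assumed watchlist: directories under C:\WINDOWS that hold no legitimate startup
# executables, taken from the Run entries HijackThis backed up in this thread.
ODD_RUN_DIRS = ("c:\\windows\\config\\", "c:\\windows\\inf\\", "c:\\windows\\java\\",
                "c:\\windows\\msagent\\", "c:\\windows\\tasks\\",
                "c:\\windows\\system32\\setup\\", "c:\\windows\\driver cache\\")

_SECTION = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
_PATH = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|dat|sys)", re.IGNORECASE)
_URL = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample: lines copied or adapted from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


def triage_line(line):
    """Return the findings for one log line; an empty list means nothing tripped."""
    m = _SECTION.match(line.strip())
    if not m:
        return []  # running-process lines, headers and blanks carry no section code
    section, body = m.group(1), m.group(2)
    low = body.lower()
    paths = [p.lower() for p in _PATH.findall(body)]
    out = []

    # 1. The loading point survives but its file is gone: inert now, but it is the
    #    fingerprint of a partial clean-up, so it still gets removed.
    if low.endswith("(file missing)") or low.endswith("(no file)"):
        out.append(Finding("orphan-entry", section, line))

    # 2. Nothing legitimate registers a BHO or Winlogon notify package out of Temp.
    if any("\\temp\\" in p for p in paths):
        out.append(Finding("loads-from-temp", section, line))

    # 3. Each O15 entry relaxes IE's security settings for that domain; users rarely
    #    add these by hand, so every one of them gets a look.
    if section == "O15":
        out.append(Finding("trusted-zone-added", section, line))

    # 4. O16 ActiveX controls fetched from a host outside the allowlist.
    if section == "O16":
        url = _URL.search(body)
        if url and urlparse(url.group(0)).hostname not in TRUSTED_DPF_HOSTS:
            out.append(Finding("dpf-from-unknown-host", section, line))

    # 5. System process names outside System32, and launches from the watchlist dirs.
    for p in paths:
        directory, name = p.rsplit("\\", 1)
        if name in SYSTEM_BINARIES and directory != "c:\\windows\\system32":
            out.append(Finding("system-binary-outside-system32", section, line))
        elif p.startswith(ODD_RUN_DIRS):
            out.append(Finding("run-entry-from-odd-directory", section, line))
    return out


def triage(log_text):
    """Run triage_line over a whole pasted log and collect every finding."""
    findings = []
    for raw in log_text.splitlines():
        findings.extend(triage_line(raw))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick read of how dirty the log is."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.section:4} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

This is a first pass only. A clean result does not mean a clean machine: the randomly named DLLs in system32 that ComboFix listed under "Files Created" above appear in no HijackThis section at all, and a hit on a vendor's O16 entry only says the host is not on the allowlist. Used on the thread's own logs it reproduces the helper's calls on the Temp-based CATLEvents BHO, the Winlogon notify entries, the Trusted Zone list and the smss.exe copy in C:\WINDOWS\tASKS.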

panthershutch15
2007-01-16, 01:22
Logfile of HijackThis v1.99.1
Scan saved at 6:19:45 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\cmd.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



"Case Managment" - 07-01-15 14:31:42 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adrot-uninst.exe
C:\INSTALL.LOG
C:\WINDOWS\Eim03.exe
C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\ēSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 19:29 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------

panthershutch15
2007-01-16, 01:23
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 12:01 124,180 --a------ C:\WINDOWS\system32\cxejgras.dll
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT
2006-12-27 11:16 147,476 --a------ C:\WINDOWS\system32\qjtoemgs.dll
2006-12-15 13:18 124,180 --a------ C:\WINDOWS\system32\anywrkng.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"Mell Reg Reminder"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070115-105442-737
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20070115-105441-932
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
backup-20070115-105442-521
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
backup-20070115-105441-499
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
backup-20070115-105440-742
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
backup-20070115-105440-413
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20070115-105439-316
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20070115-105441-239
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
backup-20070115-105438-446
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
backup-20070115-105438-548
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
backup-20070115-105438-225
O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070115-105438-471
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
backup-20070115-105438-212
O15 - Trusted Zone: *.mediatickets.net (HKLM)
backup-20070115-105438-808
O15 - Trusted Zone: *.media-motor.com (HKLM)
backup-20070115-105438-609
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
backup-20070115-105438-342
O15 - Trusted Zone: *.kabum.pl (HKLM)
backup-20070115-105438-441
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070115-105438-892
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
backup-20070115-105438-497
O15 - Trusted Zone: *.gimmycash.com (HKLM)
backup-20070115-105438-452
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
backup-20070115-105438-800
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
backup-20070115-105438-106
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
backup-20070115-105438-249
O15 - Trusted Zone: *.freeemotes.com
backup-20070115-105438-894
O15 - Trusted Zone: *.elitemediagroup.net
backup-20070115-105437-832
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
backup-20070115-105438-977
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
backup-20070115-105436-366
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-322
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105436-670
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
backup-20070115-105435-493
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-808
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105435-458
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
backup-20070115-105435-640
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
backup-20070115-105435-539
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
backup-20070115-105435-105
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
backup-20070115-105435-407
O4 - HKLM\..\Run: "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20070115-105435-768
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
backup-20070115-105435-155
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
backup-20070115-105435-430
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
backup-20070115-105435-415
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
backup-20070115-105435-212
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
backup-20070115-105435-883
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
backup-20070115-105435-132
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
backup-20070115-105435-843
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
backup-20070115-105435-521
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20070115-105435-660
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
backup-20070115-105435-733
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
backup-20070115-105435-522
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20070115-105435-672
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
backup-20070115-105435-447
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
backup-20070115-105435-346
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
backup-20070115-105435-874
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
backup-20070115-105435-453
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
backup-20070115-105435-720
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
backup-20070115-105435-838
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070115-105435-887
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-302
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
backup-20070115-105435-804
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
backup-20070115-105435-726
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
backup-20070115-105435-997
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-661
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
backup-20070115-105435-743
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
backup-20070115-105435-439
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
backup-20070115-105435-134
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-735
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070115-105435-998
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
backup-20070115-105435-244
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
backup-20070115-105435-771
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
backup-20070115-105435-440
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
backup-20070115-105435-572
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
backup-20070115-105435-305
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-483
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20070115-105435-273
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-668
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-431
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
backup-20070115-105435-524
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
backup-20070115-105435-639
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-15 14:39:33


Here is the latest! Thanks!!!

teacup61
2007-01-16, 02:27
Hi,

quick question....were those files there to delete? I see AOL is still there. Did you find them? That's why I asked you to let me know how it went. ;) I need to know what to do for you next. :)

tea

panthershutch15
2007-01-16, 02:35
AOL appears to be gone, and I did find all of those files and they are also gone now.

Thanks again.

teacup61
2007-01-16, 03:53
Hello,

Thank you so much! :)


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.


@echo off
REM Stop and remove the two leftover AOL services listed in the HijackThis O23 entries.
sc stop AOLService
sc delete AOLService
REM The second service's short name (AOL ACS) contains a space, so it must be quoted for sc to find it.
sc stop "AOL ACS"
sc delete "AOL ACS"
exit

Double click FixServices.bat. A window will open and close. This is normal.

Please go Here to run Panda's ActiveScan. http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
Post the contents of the ActiveScan report, please, and a new HijackThis log.

Hopefully we're just about done. ;)

Thanks,
tea

panthershutch15
2007-01-16, 21:37
Incident Status Location

Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D9M1705NetInstaller.exe
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/esyndicate Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Virus:Trj/Downloader.MDL Disinfected C:\WINDOWS\Tasks\smss.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[apuc.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[cb.exe]
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@go[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@888[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@belnk[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@adopt.hbmediapro[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@atwola[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dlm.dlmax[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@rightmedia[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@ct.360i[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@entrepreneur[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@offeroptimizer[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case

panthershutch15
2007-01-16, 21:38
Managment\Cookies\case managment@belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dist.belnk[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@drivecleaner[2].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@mmm.media-motor[3].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@i.screensavers[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@go[6].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dist.belnk[6].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@www.winantivirus[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@delfinproject[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.com.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.gostats.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Case

panthershutch15
2007-01-16, 21:39
Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.target.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.webpower.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\VundoFix Backups\jisrbvfx.dll.bad
Adware:Adware/PurityScan Not disinfected C:\HJT\backups\backup-20070115-105435-134.dll


Logfile of HijackThis v1.99.1
Scan saved at 2:33:32 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\cmd.exe
C:\AMERIC~1.0\aoltray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\aexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



There are the latest results. The computer is running much faster and still no popups!

Thanks again...

(I forgot to answer you before, someone on the computer is still using AIM...Also just found out that someone on the computer still uses AOL, so looks like for at least the time being AOL is needed on this computer, so I reinstalled a version...That would explain any of the AOL stuff showing back up).

teacup61
2007-01-17, 02:51
Hello,


(I forgot to answer you before, someone on the computer is still using AIM...Also just found out that someone on the computer still uses AOL, so looks like for at least the time being AOL is needed on this computer, so I reinstalled a version...That would explain any of the AOL stuff showing back up).

AHA! Mystery solved there. ;)

So there are other user accounts on the PC.....How many?

Panda sure showed a lot of stuff.:sick:

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Thanks,
tea

zschnapp
2007-01-17, 03:05
Only one user account on this PC...Everyone uses the same one, but there are 4 users.


I will run the vundofix tonight if I am able to or tomorrow (I have to leave right now).

Thanks again for all of the help.

panthershutch15
2007-01-17, 03:08
^^ that was me, I think that is my girlfriend who left the login info on my computer...She is going through this process on this forum at her house as well and that was the username at their house...Didn't realize she had logged me out.

teacup61
2007-01-17, 03:19
Heh, okay. Thanks for letting me know. ;)

Regards,
tea

panthershutch15
2007-01-18, 18:32
VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 10:59:57 AM 1/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisrbvfx.dll
C:\WINDOWS\system32\jisrbvfx.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 12:53:44 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 6:07:13 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 11:32:19 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1129685037\ee\anotify.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

teacup61
2007-01-18, 19:42
Hello,

Popups still gone? Let me know how it's running. :)

Let's clean up and have a scan. There was a lot going on here so we want to be sure all the bits and pieces are gone.

Updating Java

Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now please run another scan with Panda and post the report. :)

Thanks,
tea

panthershutch15
2007-01-19, 21:23
Computer is still running good and still no pop-ups..Thanks!

Here is the latest report:

Incident Status Location

Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D9M1705NetInstaller.exe
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/esyndicate Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\WWEXEC~1.EXE
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[apuc.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[cb.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.go.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Case

panthershutch15
2007-01-19, 21:24
Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.gostats.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.target.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.webpower.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\VundoFix Backups\jisrbvfx.dll.bad
Adware:Adware/PurityScan Not disinfected C:\HJT\backups\backup-20070115-105435-134.dll

teacup61
2007-01-19, 21:38
Hello,

Loads left in the registry.:spider:

Download the trial version of Spy Sweeper from
Here (http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT14)

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread. Also please post a new HijackThis log.

Thanks,
tea

panthershutch15
2007-01-22, 02:02
Still running good...Here is the latest info:

Logfile of HijackThis v1.99.1
Scan saved at 7:01:49 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\anotify.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe" -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



6:24 PM: Removal process completed. Elapsed time 00:01:07
6:24 PM: Quarantining All Traces: atwola cookie
6:24 PM: Quarantining All Traces: 180search assistant/zango
6:24 PM: Quarantining All Traces: deskwizz
6:24 PM: Quarantining All Traces: drivecleaner
6:24 PM: Quarantining All Traces: exact cashback/bargain buddy
6:24 PM: Quarantining All Traces: ezula ilookup
6:24 PM: Quarantining All Traces: ist saferscan
6:24 PM: Quarantining All Traces: elitemediagroup-pop64
6:24 PM: Quarantining All Traces: wildmedia
6:24 PM: Quarantining All Traces: subsearch
6:24 PM: Quarantining All Traces: wild media - minigolf
6:24 PM: Quarantining All Traces: ietoolbar
6:24 PM: Quarantining All Traces: kewlbar
6:24 PM: Quarantining All Traces: maxifiles
6:24 PM: Quarantining All Traces: winad
6:23 PM: Quarantining All Traces: elitemediagroup-mediamotor
6:23 PM: Quarantining All Traces: blazefind
6:23 PM: Quarantining All Traces: directrevenue-abetterinternet
6:23 PM: Quarantining All Traces: virtumonde
6:23 PM: Quarantining All Traces: zenosearchassistant
6:23 PM: Quarantining All Traces: purityscan
6:23 PM: Quarantining All Traces: vs toolbar
6:23 PM: Removal process initiated
5:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:13 PM: Traces Found: 58
4:13 PM: Full Sweep has completed. Elapsed time 01:32:04
4:13 PM: HKLM\software\em\ (ID = 1556188)
4:13 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/safe.tlb\ (ID = 1524765)
4:13 PM: File Sweep Complete, Elapsed Time: 01:24:30
4:04 PM: Warning: Stream read error
4:04 PM: Warning: Stream read error
3:59 PM: Warning: Stream read error
3:57 PM: Warning: Failed to access drive E:
3:57 PM: Warning: Failed to access drive D:
3:56 PM: C:\HJT\backups\backup-20070115-105439-316.inf (ID = 233153)
3:56 PM: Found Adware: deskwizz
3:56 PM: C:\HJT\backups\backup-20070115-105438-977.inf (ID = 394314)
3:56 PM: Found Adware: drivecleaner
3:53 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq770.tmp (ID = 91140)
3:53 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq769.tmp (ID = 213484)
3:50 PM: C:\Program Files\WildArcade\BlasterBlocks\blaster_blocks_demo.exe (ID = 88188)
3:50 PM: C:\Program Files\WildArcade\BlasterBlocks\uninst.exe (ID = 88857)
3:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
3:35 PM: Warning: Failed to open file "c:\documents and settings\case managment\application data\mozilla\firefox\profiles\k68sjwfn.default\parent.lock". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df52ca.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\perflib_perfdata_d78.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df7a8d.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df7265.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:14 PM: C:\Documents and Settings\All Users\Application Data\IEService (2 subtraces) (ID = 2147487096)
3:02 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{4f8d0141-decd-49a9-8aac-1120a96b78ce}.bin". The process cannot access the file because it is being used by another process
2:59 PM: c:\windows\downloaded program files\conflict.1\amm06.inf (ID = 297265)
2:59 PM: c:\windows\downloaded program files\motorsix.ocx (ID = 392419)
2:59 PM: c:\windows\downloaded program files\amm06.inf (ID = 297265)
2:56 PM: C:\WINDOWS\inf\alchem.inf (ID = 83109)
2:56 PM: Found Adware: directrevenue-abetterinternet
2:53 PM: Warning: Failed to open file "c:\windows\system32\drivers\sptd.sys". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\drivers\sptd8621.sys". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process

panthershutch15
2007-01-22, 02:05
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
2:51 PM: C:\WINDOWS\system32\WBCMUninst.exe (ID = 88921)
2:49 PM: C:\WINDOWS\system32\safe.tlb (ID = 318895)
2:49 PM: C:\WINDOWS\bbi8024_MEDIAMOTOR.exe (ID = 365888)
2:49 PM: Found Adware: exact cashback/bargain buddy
2:49 PM: C:\WINDOWS\justin2a.exe (ID = 279493)
2:49 PM: Found Adware: ezula ilookup
2:48 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
2:48 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
2:48 PM: Starting File Sweep
2:48 PM: Warning: Failed to access drive A:
2:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:48 PM: c:\documents and settings\case managment\cookies\case managment@atwola[1].txt (ID = 2255)
2:48 PM: Found Spy Cookie: atwola cookie
2:48 PM: Starting Cookie Sweep
2:48 PM: Registry Sweep Complete, Elapsed Time:00:00:49
2:48 PM: HKU\S-1-5-18\software\microsoft\internet explorer\menuext\&kewlbar search\ (ID = 129544)
2:48 PM: Found Adware: kewlbar
2:48 PM: HKU\S-1-5-21-602162358-507921405-682003330-1004\software\saferscan\ (ID = 1178643)
2:48 PM: Found Adware: ist saferscan
2:48 PM: HKLM\software\addoqw\ (ID = 1836493)
2:48 PM: HKLM\software\classes\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\ (ID = 1827777)
2:48 PM: HKCR\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\ (ID = 1827773)
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\advanced browser\ (ID = 1818930)
2:48 PM: Found Adware: virtumonde
2:48 PM: HKLM\software\microsoft\juan\ (ID = 1781228)
2:48 PM: Found Adware: maxifiles
2:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (ID = 1697582)
2:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (ID = 1697581)
2:48 PM: Found Adware: zenosearchassistant
2:48 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
2:48 PM: HKLM\software\classes\saix.installercaller\ (ID = 1156661)
2:48 PM: HKLM\software\classes\saix.installercaller.1\ (ID = 1156657)
2:48 PM: HKCR\saix.installercaller\ (ID = 1156613)
2:48 PM: HKCR\saix.installercaller.1\ (ID = 1156609)
2:48 PM: Found Adware: 180search assistant/zango
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/elite.ocx\ (ID = 1137453)
2:48 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594)
2:48 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592)
2:48 PM: Found Adware: winad
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroup\ (ID = 1015939)
2:48 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (ID = 967601)
2:48 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (ID = 967541)
2:48 PM: Found Adware: elitemediagroup-pop64
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wbcm\ (ID = 146959)
2:48 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146709)
2:48 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146695)
2:48 PM: Found Adware: wildmedia
2:47 PM: HKLM\software\classes\interface\{5a4e1627-8677-41f7-b78c-4cacdf5b12ff}\ (ID = 143075)
2:47 PM: HKCR\interface\{5a4e1627-8677-41f7-b78c-4cacdf5b12ff}\ (ID = 143047)
2:47 PM: Found Adware: subsearch
2:47 PM: HKLM\software\mm\ (ID = 140211)
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mm20.ocx (ID = 140200)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm20.ocx\ (ID = 140171)
2:47 PM: Found Adware: elitemediagroup-mediamotor
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
2:47 PM: Found Adware: purityscan
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\wildapp.dll (ID = 135057)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (ID = 135052)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\ (ID = 135051)
2:47 PM: Found Adware: wild media - minigolf
2:47 PM: HKLM\software\mbkwbar\ (ID = 128249)
2:47 PM: Found Adware: ietoolbar
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (ID = 104526)
2:47 PM: Found Adware: blazefind
2:47 PM: Starting Registry Sweep
2:47 PM: Memory Sweep Complete, Elapsed Time: 00:06:37
2:43 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
2:41 PM: Starting Memory Sweep
2:41 PM: HKLM\software\classes\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\inprocserver32\ (ID = 1848260)
2:41 PM: Found Adware: vs toolbar
2:40 PM: Start Full Sweep
2:40 PM: Sweep initiated using definitions version 842
2:40 PM: Spy Sweeper 5.2.3.2138 started
2:40 PM: | Start of Session, Sunday, January 21, 2007 |
********
2:40 PM: | End of Session, Sunday, January 21, 2007 |
2:38 PM: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:37 PM: Shield States
2:37 PM: Spyware Definitions: 842
2:37 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
2:36 PM: Spy Sweeper 5.2.3.2138 started
2:36 PM: Spy Sweeper 5.2.3.2138 started
2:36 PM: | Start of Session, Sunday, January 21, 2007 |
********

teacup61
2007-01-23, 21:38
Hello,

Sorry for my delayed reply. :oops:

I'd like to have a run with ComboFix, please. SpySweeper cleaned a load of gunk...wow! I want to be sure nothing is lurking about. :)

If you already have a copy, please delete it and download a fresh one.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

panthershutch15
2007-01-26, 23:49
"Case Managment" - 07-01-26 15:18:40 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\ēSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ēSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-21 14:23 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-21 14:23 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-21 14:23 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-21 14:23 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-21 14:23 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-21 14:23 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-21 14:23 <DIR> d-------- C:\Program Files\Webroot
2007-01-21 14:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-01-21 14:15 <DIR> d-------- C:\DOCUME~1\CASEMA~1\Application Data\Webroot
2007-01-21 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-01-19 11:44 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-17 13:07 <DIR> d-------- C:\Program Files\iTunes
2007-01-17 12:56 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-16 10:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-15 19:10 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2007-01-15 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\America Online
2007-01-15 19:09 <DIR> d-------- C:\Program Files\Real
2007-01-15 19:08 370,137 --a------ C:\WINDOWS\Aolunins_us.exe
2007-01-15 19:08 370,137 --a------ C:\WINDOWS\Aolunins.exe
2007-01-15 19:08 24,640 --a------ C:\WINDOWS\system32\aolddial.dll
2007-01-15 19:08 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys
2007-01-15 19:08 <DIR> d-------- C:\WINDOWS\aolshare
2007-01-15 19:08 <DIR> d-------- C:\America Online 6.0
2007-01-15 14:39 618 --a------ C:\Combo.bat
2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 17:37 -------- d-------- C:\DOCUME~1\CASEMA~1\Application Data\yahoo!
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="\"C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe\" /autostart"
"YBrowser"="\"C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe\""
"Mell Reg Reminder"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-26 15:24:22
C:\ComboFix3.txt ... 07-01-15 14:39
C:\ComboFix2.txt ... 07-01-15 18:18

panthershutch15
2007-01-26, 23:49
Logfile of HijackThis v1.99.1
Scan saved at 4:48:30 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Sorry for the delay... busy week.

Still running good!

teacup61
2007-01-27, 06:41
Hello,

That was a lot of Purity Scan you had there.:spider: I'm glad it's still running well, and your log looks good. BUT.....since we keep finding things, I'd like to see another scan with Panda, please. When we don't find anything else is when we'll be done. ;)

Thanks,
tea

panthershutch15
2007-02-03, 17:22
I will try to update with the latest today, tomorrow at the latest.

Sorry for the delay, been busy and out of town this past week.

Thanks again!

teacup61
2007-02-03, 23:07
Hello,

It's quite all right....real life sometimes happens. ;)

tea

panthershutch15
2007-02-07, 02:31
Okay, I've tried the Panda scan 2 times in the last 2 days, and both times I leave the computer with the scan running (because it takes a while) and I come back to the scan stopped and no longer working; then everything freezes when I click another window.

I will try it again tonight and will post tomorrow if successful.

Thanks for being patient, I'm trying!!

teacup61
2007-02-07, 08:11
Hello,

Have another run with SpySweeper first, then try Panda. I know you're trying...this garbage just wreaks havoc.:mad:

All we can do is our best! :bigthumb:

Regards,
tea

panthershutch15
2007-02-10, 19:28
I tried every day this week and can't get all the way through the Panda scan.

I am going to try one more time after I post this, I'll let you know what happens.

And, my trial of SpySweeper expired, so I couldn't run another scan with that as well.

Thanks again for your help and patience.

panthershutch15
2007-02-15, 09:42
Still nothing...

My main browser that I always use is Firefox, which you can't use with the Panda scan.

So I do have an Aol IE browser, but I've tried multiple times each day for the past week and it never finishes, always freezes.

So, I just downloaded a regular Internet Explorer and I can't even get the scan to pop up... It pops up for a second, then disappears right away. No matter how I change my pop-up blocker or security settings I cannot get the darn thing to stay.

teacup61
2007-02-17, 11:24
Hello,

Well rats.:mad:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! It could be that files in use will only be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log, in your next reply.


Thanks,
tea

panthershutch15
2007-02-20, 02:39
Logfile of HijackThis v1.99.1
Scan saved at 7:38:47 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



hosts.old;C:\WINDOWS\system32\drivers\etc;Trojan.Qhost;Deleted.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP423.tmp\aspapp;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3899.1.16;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3991.4.16;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite;Probably BACKDOOR.Trojan;;
aolsetup.exe;C:\Program Files\Common Files\AOL\1129685037\ee\services\softwareUpdate\ver2_14_2_30;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;;
A0121194.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1182;Trojan.StatBlasterAd;Incurable.Moved.;
A0121484.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1187;Probably BACKDOOR.Trojan;;
A0123317.old;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1206;Trojan.Qhost;Deleted.;
A0116734.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143;Trojan.Fakealert;Deleted.;
A0117874.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1145;Probably BACKDOOR.Trojan;;
A0118391.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148;Trojan.Fakealert;Deleted.;
A0119758.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1169;Trojan.Virtumod;Deleted.;
A0119775.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119776.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119777.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119782.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.DownLoader.17379;Deleted.;
A0119784.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119785.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119786.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119787.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119788.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.MediaTicket;;
A0119789.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.MulDrop.4313;Deleted.;
A0119790.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.MulDrop.4313;Deleted.;
A0119791.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.DownLoader.11426;Deleted.;
A0119794.exe\data001;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\A0119794.exe;Adware.Bagon;;
A0119794.exe\data002;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\A0119794.exe;Adware.Bagon;;
A0119794.exe\data003;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\A0119794.exe;Trojan.DownLoader.10588;;
A0119794.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Archive contains infected objects;Moved.;
A0119795.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Winpop;Deleted.;
A0119797.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.Adrotate;;
A0119799.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.Ezula;;
A0119800.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.ZenoSearch;;
A0119801.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.ZenoSearch;;
A0119802.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.IEDriver;;
A0119803.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.MediaTicket;;
A0119804.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.BookedSpace;;
A0119805.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.DownLoader.10588;Deleted.;
A0119806.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.Relevant;;
A0119807.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.Mirarbar;;
A0119809.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.SurfAcc;;
A0119812.DLL;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Trojan.Virtumod;Deleted.;
A0119832.ocx;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.Gdown;;
A0120083.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1172;Adware.ClickSpring;;
A0120097.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1172;Trojan.Juan;Deleted.;
A0120383.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1172;Trojan.Virtumod;Deleted.;
A0120384.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1172;Trojan.Virtumod;Deleted.;
A0120385.dll;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1172;Trojan.Virtumod;Deleted.;
A0116169.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140;Trojan.Fakealert;Deleted.;
A0116194.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140;Trojan.DownLoader.10963;Deleted.;
jisrbvfx.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;
backup-20070115-105435-134.dll;C:\HJT\backups;Adware.ClickSpring;;


Thanks!

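Added here as an aid to reading the DrWeb.csv report posted above (this is example code, not part of the thread or of Dr.Web CureIt): the report is a semicolon-separated list of name;path;threat;action, and the triage below sorts each line into copies inside System Restore points, backups made by earlier clean-up tools (VundoFix, HijackThis), files the scanner actually remediated, heuristic "Probably ..." detections, and anything left untreated. The sample input is a handful of lines copied from the posted report; the category rules and function names are this example's own assumptions.

```python
"""Triage a Dr.Web CureIt DrWeb.csv report (example code, not the scanner's own)."""
import csv
from collections import Counter
from io import StringIO

# Lines copied from the report posted in this thread; the real file is DrWeb.csv
# on the desktop. Each line is: name;path;threat;action; (trailing ';' is normal).
SAMPLE_REPORT = r"""
hosts.old;C:\WINDOWS\system32\drivers\etc;Trojan.Qhost;Deleted.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;;
A0121194.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1182;Trojan.StatBlasterAd;Incurable.Moved.;
A0119788.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Adware.MediaTicket;;
A0119794.exe\data001;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\A0119794.exe;Adware.Bagon;;
A0119794.exe;C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171;Archive contains infected objects;Moved.;
jisrbvfx.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;
backup-20070115-105435-134.dll;C:\HJT\backups;Adware.ClickSpring;;
"""

RESTORE_PREFIX = r"c:\system volume information\_restore"
# Quarantine/backup folders written by earlier clean-up tools used in this thread.
TOOL_BACKUP_DIRS = (r"c:\vundofix backups", r"c:\hjt\backups")


def classify(record):
    """Assign one category to a parsed report line (assumed rules, see comments)."""
    path = record["path"].lower()
    if path.startswith(RESTORE_PREFIX):
        # Copies kept by System Restore; inactive unless a restore point is applied.
        return "restore_point"
    if any(path.startswith(d) for d in TOOL_BACKUP_DIRS):
        # Backups made by VundoFix / HijackThis; expected to trigger detections.
        return "tool_backup"
    if record["action"]:
        # Dr.Web reports an action such as Deleted., Moved., Incurable.Moved.
        return "remediated"
    if record["threat"].startswith("Probably "):
        # "Probably" marks a heuristic verdict rather than a signature match.
        return "heuristic"
    return "untreated"


def triage(report_text):
    """Parse DrWeb.csv text and return per-category counts plus classified records."""
    records = []
    for row in csv.reader(StringIO(report_text), delimiter=";"):
        if len(row) < 4:
            continue  # blank or malformed line
        name, path, threat, action = (f.strip() for f in row[:4])
        rec = {"name": name, "path": path, "threat": threat, "action": action}
        rec["category"] = classify(rec)
        records.append(rec)
    return {"counts": Counter(r["category"] for r in records), "records": records}


def needs_attention(result):
    """Detections outside restore points and tool backups that the scanner did not act on."""
    return [r for r in result["records"] if r["category"] in ("heuristic", "untreated")]


if __name__ == "__main__":
    res = triage(SAMPLE_REPORT)
    for cat, n in sorted(res["counts"].items()):
        print(f"{cat:14} {n}")
    for r in needs_attention(res):
        print("check:", r["threat"], "->", r["path"] + "\\" + r["name"])
```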
teacup61
2007-02-20, 06:52
Hello,

How is it running? Are you still getting popups? If you are, please tell me exactly what kind of popups they are. Good that you got the Dr. to run. :bigthumb:

Regards,
tea

panthershutch15
2007-02-22, 01:52
Still no popups!

It still runs a tiny bit sluggish, but it is miles better than when we first began.

Thanks!

teacup61
2007-02-26, 21:04
Hello,

If all is still good after a few days, I believe we're done. Your last log was clean, and you said there were no more popups.:bigthumb:

Some excellent reading here for future reference.:) http://mvps.org/winhelp2002/unwanted.htm

Regards,
tea