Help with popups

Only one user account on this PC...Everyone uses the same one, but there are 4 users.


I will run the vundofix tonight if I am able to or tomorrow (I have to leave right now).

Thanks again for all of the help.
 
^^ that was me, I think that is my girlfriend who left the login info on my computer...She is going through this process on this forum at her house as well and that was the username at their house...Didn't realize she had logged me out.
 
VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 10:59:57 AM 1/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisrbvfx.dll
C:\WINDOWS\system32\jisrbvfx.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 12:53:44 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 6:07:13 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 11:32:19 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1129685037\ee\anotify.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
Hello,

Popups still gone? Let me know how it's running. :)

Let's clean up and have a scan. There was a lot going on here so we want to be sure all the bits and pieces are gone.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now please run another scan with Panda and post the report. :)

Thanks,
tea
 
Computer is still running good and still no pop-ups. Thanks!

Here is the latest report:

Incident Status Location

Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D9M1705NetInstaller.exe
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/esyndicate Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\WWEXEC~1.EXE
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[apuc.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[cb.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.go.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.gostats.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.target.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.webpower.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\VundoFix Backups\jisrbvfx.dll.bad
Adware:Adware/PurityScan Not disinfected C:\HJT\backups\backup-20070115-105435-134.dll
 
Hello,

Loads left in the registry. :spider:

Download the trial version of Spy Sweeper from here.


Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread. Also please post a new HijackThis log.

Thanks,
tea
 
Still running good...Here is the latest info:

Logfile of HijackThis v1.99.1
Scan saved at 7:01:49 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\anotify.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe" -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



6:24 PM: Removal process completed. Elapsed time 00:01:07
6:24 PM: Quarantining All Traces: atwola cookie
6:24 PM: Quarantining All Traces: 180search assistant/zango
6:24 PM: Quarantining All Traces: deskwizz
6:24 PM: Quarantining All Traces: drivecleaner
6:24 PM: Quarantining All Traces: exact cashback/bargain buddy
6:24 PM: Quarantining All Traces: ezula ilookup
6:24 PM: Quarantining All Traces: ist saferscan
6:24 PM: Quarantining All Traces: elitemediagroup-pop64
6:24 PM: Quarantining All Traces: wildmedia
6:24 PM: Quarantining All Traces: subsearch
6:24 PM: Quarantining All Traces: wild media - minigolf
6:24 PM: Quarantining All Traces: ietoolbar
6:24 PM: Quarantining All Traces: kewlbar
6:24 PM: Quarantining All Traces: maxifiles
6:24 PM: Quarantining All Traces: winad
6:23 PM: Quarantining All Traces: elitemediagroup-mediamotor
6:23 PM: Quarantining All Traces: blazefind
6:23 PM: Quarantining All Traces: directrevenue-abetterinternet
6:23 PM: Quarantining All Traces: virtumonde
6:23 PM: Quarantining All Traces: zenosearchassistant
6:23 PM: Quarantining All Traces: purityscan
6:23 PM: Quarantining All Traces: vs toolbar
6:23 PM: Removal process initiated
5:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:13 PM: Traces Found: 58
4:13 PM: Full Sweep has completed. Elapsed time 01:32:04
4:13 PM: HKLM\software\em\ (ID = 1556188)
4:13 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/safe.tlb\ (ID = 1524765)
4:13 PM: File Sweep Complete, Elapsed Time: 01:24:30
4:04 PM: Warning: Stream read error
4:04 PM: Warning: Stream read error
3:59 PM: Warning: Stream read error
3:57 PM: Warning: Failed to access drive E:
3:57 PM: Warning: Failed to access drive D:
3:56 PM: C:\HJT\backups\backup-20070115-105439-316.inf (ID = 233153)
3:56 PM: Found Adware: deskwizz
3:56 PM: C:\HJT\backups\backup-20070115-105438-977.inf (ID = 394314)
3:56 PM: Found Adware: drivecleaner
3:53 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq770.tmp (ID = 91140)
3:53 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq769.tmp (ID = 213484)
3:50 PM: C:\Program Files\WildArcade\BlasterBlocks\blaster_blocks_demo.exe (ID = 88188)
3:50 PM: C:\Program Files\WildArcade\BlasterBlocks\uninst.exe (ID = 88857)
3:44 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
3:35 PM: Warning: Failed to open file "c:\documents and settings\case managment\application data\mozilla\firefox\profiles\k68sjwfn.default\parent.lock". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df52ca.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\perflib_perfdata_d78.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df7a8d.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\local settings\temp\~df7265.tmp". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\case managment\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:18 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:14 PM: C:\Documents and Settings\All Users\Application Data\IEService (2 subtraces) (ID = 2147487096)
3:02 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{4f8d0141-decd-49a9-8aac-1120a96b78ce}.bin". The process cannot access the file because it is being used by another process
2:59 PM: c:\windows\downloaded program files\conflict.1\amm06.inf (ID = 297265)
2:59 PM: c:\windows\downloaded program files\motorsix.ocx (ID = 392419)
2:59 PM: c:\windows\downloaded program files\amm06.inf (ID = 297265)
2:56 PM: C:\WINDOWS\inf\alchem.inf (ID = 83109)
2:56 PM: Found Adware: directrevenue-abetterinternet
2:53 PM: Warning: Failed to open file "c:\windows\system32\drivers\sptd.sys". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\drivers\sptd8621.sys". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
 
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
2:52 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
2:51 PM: C:\WINDOWS\system32\WBCMUninst.exe (ID = 88921)
2:49 PM: C:\WINDOWS\system32\safe.tlb (ID = 318895)
2:49 PM: C:\WINDOWS\bbi8024_MEDIAMOTOR.exe (ID = 365888)
2:49 PM: Found Adware: exact cashback/bargain buddy
2:49 PM: C:\WINDOWS\justin2a.exe (ID = 279493)
2:49 PM: Found Adware: ezula ilookup
2:48 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
2:48 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
2:48 PM: Starting File Sweep
2:48 PM: Warning: Failed to access drive A:
2:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:48 PM: c:\documents and settings\case managment\cookies\case managment@atwola[1].txt (ID = 2255)
2:48 PM: Found Spy Cookie: atwola cookie
2:48 PM: Starting Cookie Sweep
2:48 PM: Registry Sweep Complete, Elapsed Time:00:00:49
2:48 PM: HKU\S-1-5-18\software\microsoft\internet explorer\menuext\&kewlbar search\ (ID = 129544)
2:48 PM: Found Adware: kewlbar
2:48 PM: HKU\S-1-5-21-602162358-507921405-682003330-1004\software\saferscan\ (ID = 1178643)
2:48 PM: Found Adware: ist saferscan
2:48 PM: HKLM\software\addoqw\ (ID = 1836493)
2:48 PM: HKLM\software\classes\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\ (ID = 1827777)
2:48 PM: HKCR\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\ (ID = 1827773)
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\advanced browser\ (ID = 1818930)
2:48 PM: Found Adware: virtumonde
2:48 PM: HKLM\software\microsoft\juan\ (ID = 1781228)
2:48 PM: Found Adware: maxifiles
2:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (ID = 1697582)
2:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (ID = 1697581)
2:48 PM: Found Adware: zenosearchassistant
2:48 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
2:48 PM: HKLM\software\classes\saix.installercaller\ (ID = 1156661)
2:48 PM: HKLM\software\classes\saix.installercaller.1\ (ID = 1156657)
2:48 PM: HKCR\saix.installercaller\ (ID = 1156613)
2:48 PM: HKCR\saix.installercaller.1\ (ID = 1156609)
2:48 PM: Found Adware: 180search assistant/zango
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/elite.ocx\ (ID = 1137453)
2:48 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594)
2:48 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592)
2:48 PM: Found Adware: winad
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroup\ (ID = 1015939)
2:48 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (ID = 967601)
2:48 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (ID = 967541)
2:48 PM: Found Adware: elitemediagroup-pop64
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wbcm\ (ID = 146959)
2:48 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146709)
2:48 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146695)
2:48 PM: Found Adware: wildmedia
2:47 PM: HKLM\software\classes\interface\{5a4e1627-8677-41f7-b78c-4cacdf5b12ff}\ (ID = 143075)
2:47 PM: HKCR\interface\{5a4e1627-8677-41f7-b78c-4cacdf5b12ff}\ (ID = 143047)
2:47 PM: Found Adware: subsearch
2:47 PM: HKLM\software\mm\ (ID = 140211)
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mm20.ocx (ID = 140200)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm20.ocx\ (ID = 140171)
2:47 PM: Found Adware: elitemediagroup-mediamotor
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
2:47 PM: Found Adware: purityscan
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\wildapp.dll (ID = 135057)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (ID = 135052)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\ (ID = 135051)
2:47 PM: Found Adware: wild media - minigolf
2:47 PM: HKLM\software\mbkwbar\ (ID = 128249)
2:47 PM: Found Adware: ietoolbar
2:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
2:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (ID = 104526)
2:47 PM: Found Adware: blazefind
2:47 PM: Starting Registry Sweep
2:47 PM: Memory Sweep Complete, Elapsed Time: 00:06:37
2:43 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
2:41 PM: Starting Memory Sweep
2:41 PM: HKLM\software\classes\clsid\{f18f04b0-9cf1-4b93-b004-77a288bee28b}\inprocserver32\ (ID = 1848260)
2:41 PM: Found Adware: vs toolbar
2:40 PM: Start Full Sweep
2:40 PM: Sweep initiated using definitions version 842
2:40 PM: Spy Sweeper 5.2.3.2138 started
2:40 PM: | Start of Session, Sunday, January 21, 2007 |
********
2:40 PM: | End of Session, Sunday, January 21, 2007 |
2:38 PM: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:37 PM: Shield States
2:37 PM: Spyware Definitions: 842
2:37 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
2:36 PM: Spy Sweeper 5.2.3.2138 started
2:36 PM: Spy Sweeper 5.2.3.2138 started
2:36 PM: | Start of Session, Sunday, January 21, 2007 |
********
 
Hello,

Sorry for my delayed reply. :oops:

I'd like to have a run with ComboFix, please. SpySweeper cleaned a load of gunk...wow! I want to be sure nothing is lurking about.:)

If you already have a copy, please delete it and download a fresh one.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
 
"Case Managment" - 07-01-26 15:18:40 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\çSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-21 14:23 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-21 14:23 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-21 14:23 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-21 14:23 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-21 14:23 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-21 14:23 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-21 14:23 <DIR> d-------- C:\Program Files\Webroot
2007-01-21 14:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-01-21 14:15 <DIR> d-------- C:\DOCUME~1\CASEMA~1\Application Data\Webroot
2007-01-21 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-01-19 11:44 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-17 13:07 <DIR> d-------- C:\Program Files\iTunes
2007-01-17 12:56 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-16 10:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-15 19:10 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2007-01-15 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\America Online
2007-01-15 19:09 <DIR> d-------- C:\Program Files\Real
2007-01-15 19:08 370,137 --a------ C:\WINDOWS\Aolunins_us.exe
2007-01-15 19:08 370,137 --a------ C:\WINDOWS\Aolunins.exe
2007-01-15 19:08 24,640 --a------ C:\WINDOWS\system32\aolddial.dll
2007-01-15 19:08 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys
2007-01-15 19:08 <DIR> d-------- C:\WINDOWS\aolshare
2007-01-15 19:08 <DIR> d-------- C:\America Online 6.0
2007-01-15 14:39 618 --a------ C:\Combo.bat
2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 17:37 -------- d-------- C:\DOCUME~1\CASEMA~1\Application Data\yahoo!
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="\"C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe\" /autostart"
"YBrowser"="\"C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe\""
"Mell Reg Reminder"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-26 15:24:22
C:\ComboFix3.txt ... 07-01-15 14:39
C:\ComboFix2.txt ... 07-01-15 18:18
 
Logfile of HijackThis v1.99.1
Scan saved at 4:48:30 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\America Online 6.0\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Sorry for the delay..busy week.

Still running good!
 
Hello,

That was a lot of Purity Scan you had there.:spider: I'm glad it's still running well, and your log looks good. BUT.....since we keep finding things, I'd like to see another scan with Panda, please. When we don't find anything else is when we'll be done. ;)

Thanks,
tea
 
I will try to update with the latest today, tomorrow at the latest.

Sorry for the delay, been busy and out of town this past week.

Thanks again!
 
Okay, I've tried the Panda scan 2 times in the last 2 days and both times I leave the computer with the scan running (because it takes awhile) and I come back to the scan stopped and no longer working, then everything gets frozen when I click another window.

I will try it again tonight and will post tomorrow if successful.

Thanks for being patient, I'm trying!!
 
Hello,

Have another run with SpySweeper first, then try Panda. I know you're trying...this garbage just wreaks havoc.:mad:

All we can do is our best! :bigthumb:

Regards,
tea
 
I tried every day this week and can't get all the way through the panda scan..

I am going to try one more time after I post this, I'll let you know what happens.

And, my trial of spysweeper expired so I couldn't run another scan with that as well.

Thanks again for your help and patience
 
Still nothing...

My main browser that I always use is Firefox, which you can't use with the Panda scan.

So I do have an AOL IE browser, but I've tried multiple times each day for the past week and it never finishes, always freezes.

So, I just downloaded a regular internet explorer and I can't even get the scan to pop up...It pops up for a second, then disappears right away. No matter how I change my pop-up blocker or security settings I cannot get the darn thing to stay.
 