Help with popups

panthershutch15

I sometimes leave my PC to come back to 20+ pop-ups from Internet Explorer at the bottom of my screen. Sometimes they are not there, but when this happens the computer performance is terrible and trying to close each pop-up just freezes the computer.

The computer is probably 3-4 years old and is the family computer. I've tried many pop-up blockers and virus scanners, but this is still a problem. I do not even use Internet Explorer as my web browser and have tried to uninstall it, but the pop-ups still come from Internet Explorer, oftentimes saying "About: blank".

Here is the only result from the eTrust antivirus scanner:

Scan Results: 68176 files scanned. 1 virus was detected.

File        Infection           Status     Path
smzou.dll   Win32/Clspring.GF   infected   C:\WINDOWS\system32\


Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:42 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
c:\program files\common files\aol\1129685037\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129685037\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [82186d127b7a] C:\WINDOWS\System32\dnsrslvr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\a.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [anotherap2] C:\WINDOWS\mmpopoct.exe
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xwkvhthc.dll",setvm
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...r/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (ISEXEng) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


I notice a lot of things from AOL in the HJT log... I stopped using AOL about a year ago and no longer need anything from them. I now use SBC Yahoo.

Thanks for the help! It is appreciated!
Kris
 
Hello Kris,

Welcome to Safer Networking Forums :)

Quite a bit going on here, so the AOL stuff will get done a bit later, but we will get rid of it. ;)



1. Download AVG Anti-Spyware (formerly Ewido) from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete, run AVG and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG anti-spyware. Do Not run a scan just yet.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close AVG and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG text report that you saved and a new HiJackThis log.

Thanks,
tea
 
Thank you for the welcome and for the help... It is greatly appreciated.

I went through everything you asked me to do. The information you have asked for is below.

** The AVG scan report doesn't seem to want to open correctly, just a bunch of symbols and letters... So, I went back into AVG and posted the report from inside the program **

Thanks again!


Logfile of HijackThis v1.99.1
Scan saved at 7:37:23 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Updater.exe
C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mmxonehour.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\tASKS\smss.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
c:\program files\common files\aol\1129685037\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129685037\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\system32\WWEXEC~1.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...r/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:23:19 PM 1/14/2007

+ Scan result:



C:\WINDOWS\system32\bitsprx4.dll -> Adware.AdRotate : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\axo.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113837.EXE -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113838.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\apgfllvh.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\epi_sca6.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76A.tmp -> Adware.EliteMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nsy1C44.dll -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dnsrslvr.exe -> Adware.IEDriver : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildArcade -> Adware.MidAddle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1108\A0114019.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Support Software -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Support Software\Params -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.fr1AD6 -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.fr447B -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1095\A0113214.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1096\A0113262.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1103\A0113476.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113718.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116742.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116743.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smzou.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\rk.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118167.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118168.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\Uninstall.exe -> Adware.SearchClickAds : Cleaned with backup (quarantined).
C:\Program Files\KewlBar 5.0\toolbar.dll -> Adware.SearchIt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp\SAccU.exe -> Adware.SurfAcc : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D487068E-9B04-4FE5-8A83-08344F800BF5} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113722.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113913.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113917.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113918.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113920.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113921.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113922.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113939.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\A0113951.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-2.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-20.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1107\snapshot\MFEX-43.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113914.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116190.dll -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116191.exe -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116156.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116157.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116158.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116159.INI -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116160.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116163.DLL -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116164.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116167.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116168.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116171.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116172.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116174.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116726.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116727.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116728.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116729.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1146\A0118331.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118378.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118379.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118380.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118381.INI -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118382.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118385.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118386.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118389.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118390.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118393.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118394.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1148\A0118396.SYS -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119135.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119140.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119141.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119142.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1150\A0119143.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-507921405-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temporary Internet Files\Content.IE5\44T9YT85\installdrivecleanerstart[1].cab/UDC6_0001_D19M2808NetInstaller.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116187.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116188.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76C.tmp -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nwinpsap.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qwintsap.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bcjcjpxc.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fbbtsmxb.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mbbdyrwo.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sqjpejod.dll -> Downloader.Agent.bac : Cleaned with backup (quarantined).
C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\WINDOWS\ab_01.exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
[1268] C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
[252] C:\WINDOWS\Driver Cache\hardbin.dll -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1115\A0114203.EXE -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.be : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116747.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\WINDOWS\Taga96.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\a.exe -> Downloader.VB.xq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1147\A0118336.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\919_131.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1106\A0113861.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\mmpopoct.exe -> Hijacker.VB.qd : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Local Settings\Temp\temp.frBA1E -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1171\snapshot\MFEX-4.DAT -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Case Managment\Cookies\case managment@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.18:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.36:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.815:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.877:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.730:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.731:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.732:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.809:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.811:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.812:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@admarketplace[3].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.260:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.261:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.262:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.265:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.266:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.290:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[4].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstbeacon[5].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.130:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.139:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Burstnet : Cleaned.
:mozilla.778:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.779:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.780:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.781:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www3.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Clickbank : Cleaned.
:mozilla.579:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cliks[3].txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.219:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.224:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78D.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.413:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.559:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.560:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.607:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.614:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.615:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.716:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.795:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.796:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.797:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.798:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.799:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.856:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.857:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.858:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.861:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.610:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.611:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.612:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.613:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.334:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.335:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.336:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.580:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.581:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.582:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@goldenpalace[3].txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.364:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.668:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.673:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@linkbuddies[2].txt -> TrackingCookie.Linkbuddies : Cleaned.
:mozilla.627:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.628:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.629:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.742:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.819:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.820:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.821:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.523:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@image.masterstats[3].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.722:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.723:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.724:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ads-205.quarterserver[1].txt -> TrackingCookie.Quarterserver : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.618:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.619:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.620:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.621:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.622:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.623:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@h.starware[3].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.390:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.391:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.392:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.393:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.394:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.395:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.396:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.397:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.398:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.399:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.400:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.401:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.402:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq792.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> TrackingCookie.Statcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.382:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.383:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@anad.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@anat.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq793.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq794.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq795.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@a.tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> TrackingCookie.Weborama : Cleaned.
:mozilla.129:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.140:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.142:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad.yieldmanager[5].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@ad.yieldmanager[7].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Case Managment\Cookies\case managment@yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78A.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78C.tmp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.568:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.569:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.570:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.571:C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\utmmifxe.dll -> Trojan.BHO.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1140\A0116189.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051018214002.zip/WINDOWS/systb.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\WINDOWS\msbbi.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76B.tmp -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1094\A0113208.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1095\A0113216.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1096\A0113264.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1103\A0113477.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113715.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1115\A0114207.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1143\A0116744.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113719.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A31A68A-3074-412B-80BD-6AA56718040D}\RP1105\A0113720.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\Setup99.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
 
Hello,

Okay, lots to do this time, so before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

Via Add/Remove Programs, uninstall/remove anything relating to AOL.

Also uninstall Spyware-Cop
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Reboot when you're done removing those.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause <-----it's never good to have P2P on startup!!
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following, if still present:

C:\PROGRA~1\COMMON~1\AOL<----this folder
C:\Program Files\AOL Toolbar<----this folder
C:\Program Files\KewlBar<----this folder
C:\Program Files\America Online 9.0b<----this folder
C:\PROGRA~1\SPYWAR~1<----this will be the Spyware-Cop folder

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

How is your computer running after all that? :)

Thanks,
tea
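
Added example, not part of tea's post and not HijackThis code: a Python triage pass over HijackThis-style lines (seven copied from the fix list above) that flags the patterns visible in that list: entries whose file is gone, unnamed BHOs and toolbars, files loaded from a Temp folder, a system process name outside its usual directory, and wildcard Trusted Zone sites. The flag names, the `C:\WINDOWS` install path and the expected-directory table are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the fix list in the post above, plus one non-entry line.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in .exe/.dll/.dat (spaces in the path allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll|dat)\b", re.IGNORECASE)

# Assumption: Windows lives in C:\WINDOWS, as it does in this log.
SYSTEM_NAMES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_entry(line):
    """Split one log line into code, body, CLSID and file path; None if not an entry."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    body = match.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "code": match.group("code"),
        "body": body,
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
    }


def flag_entry(entry):
    """Return heuristic flags in a fixed order; an empty list means 'needs a human', not 'clean'."""
    flags = []
    body, path = entry["body"], entry["path"]
    if "(file missing)" in body or "(no file)" in body:
        flags.append("orphaned")  # registry entry whose target is gone
    if entry["code"] in ("O2", "O3") and "(no name)" in body:
        flags.append("unnamed")
    if path and "\\temp\\" in path.lower():
        flags.append("temp-path")
    if path:
        name = ntpath.basename(path).lower()
        expected = SYSTEM_NAMES.get(name)
        if expected and ntpath.dirname(path).lower() != expected:
            flags.append("system-name-wrong-dir")
    if entry["code"] == "O15" and body.startswith("Trusted Zone: *."):
        flags.append("trusted-zone-wildcard")
    return flags


def triage(text):
    """Parse every entry line in a log and attach its flags."""
    results = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["flags"] = flag_entry(entry)
        results.append(entry)
    return results


def flag_counts(results):
    """Count how often each flag fired across the parsed entries."""
    return Counter(flag for entry in results for flag in entry["flags"])


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], item["flags"] or ["no-heuristic-hit"], item["path"] or item["body"])
    print(dict(flag_counts(triage(SAMPLE_LOG))))
```

The `[*csys]` Run entry gets no flag even though it is on the fix list, which is why a pass like this only orders a log for review and does not replace reading it.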
 
Here are the VundoFix results:


VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.7

Scan started at 10:59:57 AM 1/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisrbvfx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisrbvfx.dll
C:\WINDOWS\system32\jisrbvfx.dll Has been deleted!

Performing Repairs to the registry.
Done!



ComboFix file:

"Case Managment" - 07-01-15 14:31:42 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adrot-uninst.exe
C:\INSTALL.LOG
C:\WINDOWS\Eim03.exe
C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\çSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 19:29 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 12:01 124,180 --a------ C:\WINDOWS\system32\cxejgras.dll
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT
2006-12-27 11:16 147,476 --a------ C:\WINDOWS\system32\qjtoemgs.dll
2006-12-15 13:18 124,180 --a------ C:\WINDOWS\system32\anywrkng.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"Mell Reg Reminder"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070115-105442-737
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20070115-105441-932
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
backup-20070115-105442-521
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
backup-20070115-105441-499
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
backup-20070115-105440-742
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...r/files/WinAntiVirusPro2006ScannerInstall.cab
backup-20070115-105440-413
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20070115-105439-316
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20070115-105441-239
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
backup-20070115-105438-446
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
backup-20070115-105438-548
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
backup-20070115-105438-225
O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070115-105438-471
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
backup-20070115-105438-212
O15 - Trusted Zone: *.mediatickets.net (HKLM)
backup-20070115-105438-808
O15 - Trusted Zone: *.media-motor.com (HKLM)
backup-20070115-105438-609
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
backup-20070115-105438-342
O15 - Trusted Zone: *.kabum.pl (HKLM)
backup-20070115-105438-441
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070115-105438-892
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
backup-20070115-105438-497
O15 - Trusted Zone: *.gimmycash.com (HKLM)
backup-20070115-105438-452
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
backup-20070115-105438-800
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
backup-20070115-105438-106
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
backup-20070115-105438-249
O15 - Trusted Zone: *.freeemotes.com
backup-20070115-105438-894
O15 - Trusted Zone: *.elitemediagroup.net
backup-20070115-105437-832
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
backup-20070115-105438-977
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
backup-20070115-105436-366
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-322
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105436-670
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
backup-20070115-105435-493
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-808
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105435-458
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
backup-20070115-105435-640
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
backup-20070115-105435-539
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
backup-20070115-105435-105
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
backup-20070115-105435-407
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20070115-105435-768
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
backup-20070115-105435-155
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
backup-20070115-105435-430
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
backup-20070115-105435-415
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
backup-20070115-105435-212
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
backup-20070115-105435-883
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
backup-20070115-105435-132
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
backup-20070115-105435-843
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
backup-20070115-105435-521
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20070115-105435-660
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
backup-20070115-105435-733
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
backup-20070115-105435-522
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20070115-105435-672
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
backup-20070115-105435-447
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
backup-20070115-105435-346
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
backup-20070115-105435-874
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
backup-20070115-105435-453
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
backup-20070115-105435-720
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
backup-20070115-105435-838
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070115-105435-887
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-302
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
backup-20070115-105435-804
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
backup-20070115-105435-726
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
backup-20070115-105435-997
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-661
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
backup-20070115-105435-743
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
backup-20070115-105435-439
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
backup-20070115-105435-134
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-735
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070115-105435-998
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
backup-20070115-105435-244
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
backup-20070115-105435-771
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
backup-20070115-105435-440
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
backup-20070115-105435-572
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
backup-20070115-105435-305
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-483
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20070115-105435-273
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-668
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-431
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
backup-20070115-105435-524
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
backup-20070115-105435-639
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-15 14:39:33
 
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:41 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Thanks for all of the help again.

The PC seems to be running a bit faster and in the last 20-30 minutes of being online I have not had any popups.
 
Forgot to mention, I couldn't find the following...


Navigate to and delete the following, if still present:

C:\PROGRA~1\COMMON~1\AOL <---- this folder
C:\PROGRA~1\SPYWAR~1 <---- this will be the Spyware-Cop folder
 
Hello,

This looks much better! Glad to know it's running better too. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\pidrah.dat (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <--- this is a resource hog deluxe.

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following files, if present:

C:\WINDOWS\system32\anywrkng.dll << This file
C:\WINDOWS\system32\qjtoemgs.dll << This file
C:\WINDOWS\system32\cxejgras.dll << This file
C:\WINDOWS\system32\wintsvtr.exe << This file

Do a search for and delete anything AOL.

Reboot your computer.

Please run ComboFix again and post the report, along with a new HijackThis log. Let me know how all this went. We may have to get tough with AOL. Do you still use AIM? I didn't include it before, since I know you can use it independently of AOL itself. :)

Thanks,
tea
 
Logfile of HijackThis v1.99.1
Scan saved at 6:19:45 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\cmd.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Case Managment" - 07-01-15 14:31:42 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Case Managment\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adrot-uninst.exe
C:\INSTALL.LOG
C:\WINDOWS\Eim03.exe
C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\ECURIT~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\STEM~1
C:\qoobox\purity\WINDOWS\system32\SSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\ICROSO~2.NET
C:\qoobox\purity\Program Files\çSKS~1
C:\qoobox\purity\Program Files\YSTEM3~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\CASEMA~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\YSTEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\RACLE~2
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YMANTE~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\MANTEC~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\TSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\çSKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM32~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\STEM~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\CASEMA~1\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-15 10:59 <DIR> d-------- C:\VundoFix Backups
2007-01-14 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-14 19:32 <DIR> d-------- C:\bintheredunthat
2007-01-14 19:29 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2007-01-14 18:01 <DIR> d-------- C:\BFU
2007-01-14 17:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 17:55 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 12:01 124,180 --a------ C:\WINDOWS\system32\cxejgras.dll
2007-01-12 13:11 <DIR> d-------- C:\DOCUME~1\CASEMA~1\.housecall6.6
2007-01-12 12:04 <DIR> d-------- C:\HJT
2006-12-27 11:16 147,476 --a------ C:\WINDOWS\system32\qjtoemgs.dll
2006-12-15 13:18 124,180 --a------ C:\WINDOWS\system32\anywrkng.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 18:08 20461 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.sta
2007-01-14 18:08 113367 --ahs---- C:\DOCUME~1\CASEMA~1\Application Data\6f0a2769d6d74833a16b554fde872443.rul
2007-01-11 10:29 191488 -r-hs---- C:\WINDOWS\system32\wwexec~1.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-15 19:57 135188 --a------ C:\WINDOWS\system32\nwyaddle.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 17:00 1484 --a------ C:\PPCleanDeleteAtReboot.bat
2006-10-29 14:30 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-29 13:23 65536 --a------ C:\WINDOWS\mmxonehour.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"iRiver Updater"="\\Updater.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe /autostart"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"Mell Reg Reminder"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://active.ieplugin.com/active/?17196760

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070115-105442-737
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20070115-105441-932
O20 - Winlogon Notify: runlog - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\golnur.dat (file missing)
backup-20070115-105442-521
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
backup-20070115-105441-499
O20 - Winlogon Notify: hardbin - C:\WINDOWS\Driver Cache\hardbin.dll (file missing)
backup-20070115-105440-742
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...r/files/WinAntiVirusPro2006ScannerInstall.cab
backup-20070115-105440-413
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20070115-105439-316
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
backup-20070115-105441-239
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
backup-20070115-105438-446
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} (ax1 Class) - http://www.terp17.com/ax/axo.cab
backup-20070115-105438-548
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
backup-20070115-105438-225
O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070115-105438-471
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
backup-20070115-105438-212
O15 - Trusted Zone: *.mediatickets.net (HKLM)
backup-20070115-105438-808
O15 - Trusted Zone: *.media-motor.com (HKLM)
backup-20070115-105438-609
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
backup-20070115-105438-342
O15 - Trusted Zone: *.kabum.pl (HKLM)
backup-20070115-105438-441
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070115-105438-892
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
backup-20070115-105438-497
O15 - Trusted Zone: *.gimmycash.com (HKLM)
backup-20070115-105438-452
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
backup-20070115-105438-800
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
backup-20070115-105438-106
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
backup-20070115-105438-249
O15 - Trusted Zone: *.freeemotes.com
backup-20070115-105438-894
O15 - Trusted Zone: *.elitemediagroup.net
backup-20070115-105437-832
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
backup-20070115-105438-977
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
backup-20070115-105436-366
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-322
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105436-670
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
backup-20070115-105435-493
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
backup-20070115-105437-808
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20070115-105435-458
O4 - HKLM\..\Run: [*oleip] C:\WINDOWS\system32\Setup\oleip.exe
backup-20070115-105435-640
O4 - HKLM\..\Run: [*nutwin] C:\WINDOWS\Config\nutwin.exe
backup-20070115-105435-539
O4 - HKLM\..\Run: [*svcfax] C:\WINDOWS\java\svcfax.exe
backup-20070115-105435-105
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129685037\ee\AOLSoftware.exe
backup-20070115-105435-407
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20070115-105435-768
O4 - HKLM\..\Run: [{20-0E-E0-05-ZN}] c:\windows\system32\dwdsregt.exe FI002
backup-20070115-105435-155
O4 - HKLM\..\Run: [startmmdoit] C:\WINDOWS\mmxonehour.exe
backup-20070115-105435-430
O4 - HKLM\..\Run: [*csys] C:\WINDOWS\inf\csys.exe
backup-20070115-105435-415
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
backup-20070115-105435-212
O4 - HKCU\..\Run: [Ziteetbb] C:\WINDOWS\system32\WWEXEC~1.EXE
backup-20070115-105435-883
O4 - HKCU\..\Run: [Aotc] "C:\WINDOWS\tASKS\smss.exe" -vt mt
backup-20070115-105435-132
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
backup-20070115-105435-843
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
backup-20070115-105435-521
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20070115-105435-660
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
backup-20070115-105435-733
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\msagent\intl\psjava.exe
backup-20070115-105435-522
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20070115-105435-672
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\Config\tapieula.exe
backup-20070115-105435-447
O4 - HKLM\..\Run: [*avcat] C:\WINDOWS\msagent\intl\avcat.exe
backup-20070115-105435-346
O4 - HKLM\..\Run: [dwijlwg] C:\WINDOWS\System32\uoxsyg.exe
backup-20070115-105435-874
O4 - HKLM\..\Run: [drvbin] C:\WINDOWS\Config\drvbin.exe
backup-20070115-105435-453
O4 - HKLM\..\Run: [vssw] C:\WINDOWS\system32\1028\vssw.exe
backup-20070115-105435-720
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
backup-20070115-105435-838
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070115-105435-887
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-302
O2 - BHO: (no name) - {F3E8310D-A29D-C73B-9AFE-F2FA3CD93A96} - C:\WINDOWS\system32\smzou.dll (file missing)
backup-20070115-105435-804
O2 - BHO: (no name) - {CB2976E8-EF29-8AD4-7BE0-B39EF8625DC5} - C:\WINDOWS\System32\fntvzzwz.dll (file missing)
backup-20070115-105435-726
O2 - BHO: (no name) - {C6FF7A67-EBA1-DE5C-F5F8-E2CB2E9B5BCB} - C:\WINDOWS\System32\xmtyrlnl.dll (file missing)
backup-20070115-105435-997
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20070115-105435-661
O2 - BHO: (no name) - {A7ED567B-D0BD-AA90-A58C-1546E47D7C3D} - (no file)
backup-20070115-105435-743
O2 - BHO: (no name) - {9618DE09-1ECF-7E33-99DE-408199C25F90} - C:\WINDOWS\System32\brwxbwwo.dll (file missing)
backup-20070115-105435-439
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\utmmifxe.dll (file missing)
backup-20070115-105435-134
O2 - BHO: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-735
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070115-105435-998
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\CASEMA~1\LOCALS~1\Temp\nibvrd.dat (file missing)
backup-20070115-105435-244
O2 - BHO: (no name) - {24BA7BBD-EA75-848B-2C55-B8CE6EEAB7C5} - C:\WINDOWS\system32\oojqzj.dll (file missing)
backup-20070115-105435-771
O2 - BHO: (no name) - {11E40F10-9DD6-AA22-82FF-C26934FFDD91} - C:\WINDOWS\system32\doyhkr.dll (file missing)
backup-20070115-105435-440
O2 - BHO: (no name) - {1BAC3206-E637-14C5-8752-62550EF72A49} - C:\WINDOWS\System32\faufxg.dll (file missing)
backup-20070115-105435-572
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\hflepbdn.dll (file missing)
backup-20070115-105435-305
R3 - URLSearchHook: (no name) - {7F18DCA4-136D-7197-6D21-1FE4CDB4B3CB} - C:\WINDOWS\system32\behk.dll
backup-20070115-105435-483
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20070115-105435-273
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-668
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
backup-20070115-105435-431
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
backup-20070115-105435-524
O4 - HKLM\..\Run: [win3206477252841] C:\WINDOWS\win3206477252841.exe
backup-20070115-105435-639
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-15 14:39:33


Here is the latest! Thanks!!!
 
Hi,

quick question....were those files there to delete? I see AOL is still there. Did you find them? That's why I asked you to let me know how it went. ;) I need to know what to do for you next. :)

tea
 
Hello,

Thank you so much! :)


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

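@echo off
rem Stop and delete the AOLService service
sc stop AOLService
sc delete AOLService
rem This service name contains a space, so it has to be quoted
sc stop "AOL ACS"
sc delete "AOL ACS"
exit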

Double click FixServices.bat. A window will open and close. This is normal.

Please go here to run Panda's ActiveScan: http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
Post the contents of the ActiveScan report, please, and a new HijackThis log.

Hopefully we're just about done. ;)

Thanks,
tea
 
Incident Status Location

Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D9M1705NetInstaller.exe
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/esyndicate Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/surfaccuracy Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Virus:Trj/Downloader.MDL Disinfected C:\WINDOWS\Tasks\smss.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[apuc.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\bbi8024_MEDIAMOTOR.exe[cb.exe]
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mmm.media-motor[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@go[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@888[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@belnk[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@adopt.hbmediapro[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@atwola[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dlm.dlmax[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@rightmedia[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@ct.360i[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@entrepreneur[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@offeroptimizer[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dist.belnk[5].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@drivecleaner[2].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@mmm.media-motor[3].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@i.screensavers[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@go[6].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@dist.belnk[6].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@www.winantivirus[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Case Managment\Cookies\case managment@delfinproject[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.com.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.gostats.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.target.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.webpower.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Case Managment\Application Data\Mozilla\Firefox\Profiles\k68sjwfn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\VundoFix Backups\jisrbvfx.dll.bad
Adware:Adware/PurityScan Not disinfected C:\HJT\backups\backup-20070115-105435-134.dll


Logfile of HijackThis v1.99.1
Scan saved at 2:33:32 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1129685037\ee\aolsoftware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1129685037\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\cmd.exe
C:\AMERIC~1.0\aoltray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1129685037\ee\aexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



There are the latest results. The computer is running much faster and still no popups!

Thanks again...

(I forgot to answer you before, someone on the computer is still using AIM...Also just found out that someone on the computer still uses AOL, so looks like for at least the time being AOL is needed on this computer, so I reinstalled a version...That would explain any of the AOL stuff showing back up).
 
Hello,

(I forgot to answer you before, someone on the computer is still using AIM...Also just found out that someone on the computer still uses AOL, so looks like for at least the time being AOL is needed on this computer, so I reinstalled a version...That would explain any of the AOL stuff showing back up).
AHA! Mystery solved there. ;)

So there are other user accounts on the PC.....How many?

Panda sure showed a lot of stuff. :sick:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Thanks,
tea
 