Nasty, nasty, Winfixer,WinAntiSpyware2007FreeInstall, et al

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

stanpoon

Thread Starter
Joined
Jul 6, 2007
Messages
4
Please, please help. I'll even refrain from profanity in this post to hopefully get an answer. I'm a do it yourselfer, I've tried many solutions from other posts and still can't get rid of these nasty spyware/popups.

Here's my HJT log: FYI, I have turned off System Restore, if that matters-

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:24:43 AM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svhost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\Program Files\Web Buying\v1.7.8\webbuying.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Outerinfo\OuterinfoUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\iuopmvkb.exe
C:\WINDOWS\system32\haixsadj.exe
C:\Program Files\s?stem32\d?xplore.exe
C:\Documents and Settings\dgoodman\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.adin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Advantage Credit International
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stormwind:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
O2 - BHO: (no name) - {391812AB-D11D-FE9D-4B15-8D8DBD26D09F} - C:\WINDOWS\system32\pkmp.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aldvynel.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: (no name) - {AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: 0 - {B96F8239-F760-4471-1CA6-02B93E06DAA0} - C:\Program Files\ComPlus Applications\lavupa181.dll
O2 - BHO: (no name) - {e25cbbf1-c14f-474d-8dc5-a7b3b6876960} - C:\WINDOWS\system32\joppeuj.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\temp\WinAntiSpyware2007FreeInstall.exe" -nag
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\eqpkpcjo.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
O4 - HKCU\..\Run: [Uwkkmod] "C:\Program Files\s?stem32\d?xplore.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Load NET SatisFAXtion Popup Notifier.lnk = C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NetGUI - http://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB
O16 - DPF: {0A3F25B8-EF80-4B6C-AA64-4B87B4947198} (ACIShell.ShellExecute) - http://intranet.adin.net/Controls/ACIShell.CAB
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project/projectserver/objects/pjclient.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://project/projectserver/objects/1033/pjcintl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adin.net
O17 - HKLM\Software\..\Telephony: DomainName = adin.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C90690D9-7B53-4A46-8873-5D842687242C}: NameServer = 172.16.1.2,172.16.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adin.net
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: tuvstur - C:\WINDOWS\SYSTEM32\tuvstur.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\iuopmvkb.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14053 bytes
 
Joined
Sep 7, 2004
Messages
49,014
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall


===============
If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

stanpoon

Thread Starter
Joined
Jul 6, 2007
Messages
4
Thanks so much for working on this for me:

Here's the ComboFix log:
"dgoodman" - 2007-07-09 9:58:16 - ComboFix 07-07-09.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\haixsadj.exe
C:\WINDOWS\system32\otyhdjns.exe
C:\WINDOWS\system32\uvhpylnn.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com
C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com\played_list.sol
C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Common Files\hoke83122.dll
C:\Program Files\Common Files\ssembl~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\ComPlus Applications\lavupa.dll
C:\Program Files\ComPlus Applications\lavupa181.dll
C:\Program Files\ComPlus Applications\lavupa791.dll
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\OuterinfoUpdate.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sstem3~1
C:\Program Files\sstem3~1\d?xplore.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.7.8\wbuninst.exe
C:\Program Files\web buying\v1.7.8\webbuying.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\b136.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\RGF2aWQgR29vZG1hbg\asappsrv.dll
C:\WINDOWS\RGF2aWQgR29vZG1hbg\command.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\WINDOWS\system32\pkmp.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsapii32.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\DomainService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 10:03 <DIR> d-------- C:\temp\WPDNSE
2007-07-09 09:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-09 09:51 <DIR> d-------- C:\temp\flashgot.gi4gq8dv.default
2007-07-09 09:42 71,680 --a------ C:\temp\!update.exe
2007-07-06 10:52 <DIR> d-------- C:\VundoFix Backups
2007-07-06 10:25 <DIR> d-------- C:\temp\Adobelm_Cleanup.0001.dir.0001
2007-07-06 10:25 <DIR> d-------- C:\temp\Adobelm_Cleanup.0001.dir.0000
2007-07-06 10:03 <DIR> d-------- C:\DOCUME~1\dgoodman\APPLIC~1\WinTouch
2007-07-06 09:33 852,566 --a------ C:\temp\cmdinst.exe
2007-07-06 09:33 <DIR> d--hs---- C:\WINDOWS\RGF2aWQgR29vZG1hbg
2007-07-06 09:21 <DIR> d-------- C:\temp\Mmae
2007-07-06 07:51 50,708 --a------ C:\WINDOWS\system32\iuopmvkb.exe
2007-07-06 07:46 9,720,100 --a------ C:\temp\WinAntiSpyware2007Setup.exe
2007-07-06 07:45 69,828 --a------ C:\temp\WinAntiSpyware2007FreeInstall.exe
2007-07-06 07:45 186,602 --a------ C:\temp\yazzlesnet.exe
2007-07-06 07:45 <DIR> d-------- C:\temp\NI.UWAS7_0001_N91M2703
2007-07-06 07:42 963,632 --a------ C:\temp\Outerinfo-1281.exe
2007-07-06 07:42 516,096 --a------ C:\temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe
2007-07-06 07:42 30,806 --a------ C:\temp\wr-1-2000219.exe
2007-07-06 07:42 172,032 --a------ C:\WINDOWS\system32\joppeuj.dll
2007-07-06 07:42 109,572 --a------ C:\temp\snapsnet.exe
2007-07-06 07:42 102,400 --a------ C:\temp\MBDownloader_876919.exe
2007-07-06 07:42 <DIR> d-------- C:\WINDOWS\system32\X5
2007-07-06 07:42 <DIR> d-------- C:\temp\OuterinfoTemp
2007-07-06 07:37 <DIR> d-------- C:\temp\hsperfdata_dgoodman
2007-07-05 13:14 28 --a------ C:\temp\ExchangePerflog_8484fa3115dac2b6cfcccd43.dat
2007-07-05 13:14 <DIR> d-------- C:\temp\VPMECTMP
2007-07-05 13:13 <DIR> d-------- C:\temp\MessengerCache
2007-07-05 13:03 16,384 --a----t- C:\temp\Perflib_Perfdata_770.dat
2007-07-05 12:20 <DIR> d-------- C:\Program Files\Sophos
2007-07-05 12:05 <DIR> d-------- C:\{000043E5-0000-0000-D450-AC85B2B65C41}
2007-07-05 12:05 <DIR> d-------- C:\{000043DD-0000-0000-AE41-A5B2B1616023}
2007-07-05 10:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-07-05 10:31 135,168 --a------ C:\WINDOWS\tk58.exe
2007-07-05 10:19 1,851,101 ---hs---- C:\WINDOWS\system32\qrutv.bak1
2007-07-05 09:45 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-05 09:37 72,704 -r-hs---- C:\temp\sdexe.exe
2007-07-03 17:11 43 --ahs---- C:\temp\removalfile.bat
2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X9
2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X4
2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X3
2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X2
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 15:02:41 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-05 14:45:58 -------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-06-03 04:04:49 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-03 04:03:07 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-01 04:12:21 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-01 04:11:25 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-01 04:07:12 -------- d-----w C:\Program Files\MSBuild
2007-06-01 04:03:29 -------- d-----w C:\Program Files\Reference Assemblies
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\RGF2aWQgR29vZG1hbg\l3IZuqk0lZ6St3Y1v0.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2005-09-24 00:12 63136 --a------ c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2005-09-24 00:41 231160 --a------ c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e25cbbf1-c14f-474d-8dc5-a7b3b6876960}]
2007-07-06 07:42 172032 --a------ C:\WINDOWS\system32\joppeuj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 08:50]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30]
"@"="" []
"Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-21 17:26]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-08-18 14:49]
"Tair"="C:\Program Files\Outerinfo\OuterinfoUpdate.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"="C:\Program Files\WinAntiSpyware 2007\shellext.dll" []


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 10:03:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 10:04:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-09 10:04

--- E O F ---


2. Vundo Tool didn't find anything, but I rebooted anyway

3. Following is the log from SuperAntiSpyware and then I'll post my HJT log in another reply (length restriction)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2007 at 11:24 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:05:21

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 5795
Registry threats detected : 98
File items scanned : 70266
File threats detected : 103

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
HKLM\Software\Classes\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}\InprocServer32
HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWVTU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\washellext.ShellHook.1
HKCR\washellext.ShellHook.1\CLSID
HKCR\washellext.ShellHook
HKCR\washellext.ShellHook\CLSID
HKCR\washellext.ShellHook\CurVer
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
C:\WINDOWS\SYSTEM32\WINNB58.DLL
HKU\S-1-5-21-1390067357-1336601894-1606980848-4134\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]
C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-591.DLL
C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-969.DLL

Trojan.Downloader-WebBuying/PopEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e25cbbf1-c14f-474d-8dc5-a7b3b6876960}
HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}
HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}\InprocServer32
HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JOPPEUJ.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Adware.Tracking Cookie
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected]=0_[2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected]=0_[3].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][3].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][2].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt
C:\Documents and Settings\dgoodman\Cookies\[email protected][1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
C:\WINDOWS\PREFETCH\YAZZLE1122OINADMIN.EXE-0F198A06.PF
C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-27312430.PF
C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-0A70446A.PF

Adware.ClickSpring/Outer Info Network
HKLM\Software\Outerinfo
HKLM\Software\Outerinfo#InstallDirectory
HKLM\Software\Outerinfo#REFID
HKLM\Software\Outerinfo#PID
C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo

Trojan.ZQuest
C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070705-124329-455.DLL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA181.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA791.DLL.VIR

Trojan.Downloader-ClickSpring/NDrv
C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-239.DLL

Adware.k8l
C:\PROGRAM FILES\COMPLUS APPLICATIONS\PROFSYDY.HTML

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR

Adware.ClickSpring-Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\OUTERINFO\OUTERINFOUPDATE.EXE.VIR

Adware.WebBuying Assistant-Installer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.7.8\WBUNINST.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.7.8\WEBBUYING.EXE.VIR

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\RGF2AWQGR29VZG1HBG\ASAPPSRV.DLL.VIR

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\RGF2AWQGR29VZG1HBG\COMMAND.EXE.VIR

Trojan.Downloader-Gen/BundleBase
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\O02PREZ\O02PREZ1065.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\O09PREZ\O09PREZ1099.EXE.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSAPII32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\WINDOWS\RGF2AWQGR29VZG1HBG\L3IZUQK0LZ6ST3Y1V0.VBS

Trojan.Downloader-Gen/Blah
C:\VUNDOFIX BACKUPS\BYXYAXY.DLL.BAD

Trojan.Downloader-Gen/HitItQuitIt
C:\VUNDOFIX BACKUPS\QOMMMKJ.DLL.BAD
C:\VUNDOFIX BACKUPS\TUVSTUR.DLL.BAD

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B104.EXE
C:\WINDOWS\Prefetch\B104.EXE-3A55DE9A.pf

Trojan.Rootkit-TnCore/Installer
C:\WINDOWS\SYSTEM32\X4\WEN22.EXE
C:\WINDOWS\Prefetch\WEN22.EXE-3A7E0983.pf

Trojan.ZQuest-Installer
C:\WINDOWS\TK58.EXE
C:\WINDOWS\Prefetch\TK58.EXE-1D42EE94.pf
 

stanpoon

Thread Starter
Joined
Jul 6, 2007
Messages
4
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:31, on 2007-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\dgoodman\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.adin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stormwind:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Load NET SatisFAXtion Popup Notifier.lnk = C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: NetGUI - http://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB
O16 - DPF: {0A3F25B8-EF80-4B6C-AA64-4B87B4947198} (ACIShell.ShellExecute) - http://intranet.adin.net/Controls/ACIShell.CAB
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project/projectserver/objects/pjclient.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://project/projectserver/objects/1033/pjcintl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adin.net
O17 - HKLM\Software\..\Telephony: DomainName = adin.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C90690D9-7B53-4A46-8873-5D842687242C}: NameServer = 172.16.1.2,172.16.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adin.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11781 bytes
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
DownLoad Killbox from one of these links



How are things
 

stanpoon

Thread Starter
Joined
Jul 6, 2007
Messages
4
So far, so good. Followed all your instructions and popups have not returned. I also downloaded Killbox from Bleeping Computer. If I need to do anything with it, please let me know. Otherwise, THANK YOU, THANK YOU, THANK YOU. I would've ended up wiping my drive w/o this help. Whew!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top