Nasty, nasty, Winfixer,WinAntiSpyware2007FreeInstall, et al

Discussion in 'Virus & Other Malware Removal' started by stanpoon, Jul 6, 2007.

  1. stanpoon

    stanpoon Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    4
    Please, please help. I'll even refrain from profanity in this post to hopefully get an answer. I'm a do-it-yourselfer; I've tried many solutions from other posts and still can't get rid of these nasty spyware/popups.

    Here's my HJT log. FYI, I have turned off System Restore, if that matters:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:24:43 AM, on 7/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\SLClient.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\slagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\svhost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
    C:\Program Files\Web Buying\v1.7.8\webbuying.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\Program Files\Outerinfo\OuterinfoUpdate.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\iuopmvkb.exe
    C:\WINDOWS\system32\haixsadj.exe
    C:\Program Files\s?stem32\d?xplore.exe
    C:\Documents and Settings\dgoodman\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.adin.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Advantage Credit International
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stormwind:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
    O2 - BHO: (no name) - {391812AB-D11D-FE9D-4B15-8D8DBD26D09F} - C:\WINDOWS\system32\pkmp.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aldvynel.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O2 - BHO: (no name) - {AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE} - C:\WINDOWS\system32\awvtu.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: 0 - {B96F8239-F760-4471-1CA6-02B93E06DAA0} - C:\Program Files\ComPlus Applications\lavupa181.dll
    O2 - BHO: (no name) - {e25cbbf1-c14f-474d-8dc5-a7b3b6876960} - C:\WINDOWS\system32\joppeuj.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\temp\WinAntiSpyware2007FreeInstall.exe" -nag
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\eqpkpcjo.dll",realset
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
    O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
    O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
    O4 - HKCU\..\Run: [Uwkkmod] "C:\Program Files\s?stem32\d?xplore.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Load NET SatisFAXtion Popup Notifier.lnk = C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.winantispyware.com
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: NetGUI - http://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB
    O16 - DPF: {0A3F25B8-EF80-4B6C-AA64-4B87B4947198} (ACIShell.ShellExecute) - http://intranet.adin.net/Controls/ACIShell.CAB
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project/projectserver/objects/pjclient.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://project/projectserver/objects/1033/pjcintl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adin.net
    O17 - HKLM\Software\..\Telephony: DomainName = adin.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C90690D9-7B53-4A46-8873-5D842687242C}: NameServer = 172.16.1.2,172.16.1.3
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adin.net
    O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
    O20 - Winlogon Notify: tuvstur - C:\WINDOWS\SYSTEM32\tuvstur.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\iuopmvkb.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 14053 bytes
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file:

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double-click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    ===============
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing; sometimes it can take multiple passes.
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. stanpoon

    stanpoon Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    4
    Thanks so much for working on this for me:

    Here's the ComboFix log:
    "dgoodman" - 2007-07-09 9:58:16 - ComboFix 07-07-09.3 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\haixsadj.exe
    C:\WINDOWS\system32\otyhdjns.exe
    C:\WINDOWS\system32\uvhpylnn.exe


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com
    C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZHSPGXXW\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\dgoodman\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
    C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
    C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt
    C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt
    C:\Program Files\Common Files\hoke83122.dll
    C:\Program Files\Common Files\ssembl~1
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\ComPlus Applications\lavupa.dll
    C:\Program Files\ComPlus Applications\lavupa181.dll
    C:\Program Files\ComPlus Applications\lavupa791.dll
    C:\Program Files\inetget2
    C:\Program Files\network monitor
    C:\Program Files\network monitor\netmon.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\OinUninstall.exe
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\Outerinfo.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\OuterinfoUpdate.exe
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\sstem3~1
    C:\Program Files\sstem3~1\d?xplore.exe
    C:\Program Files\svhost
    C:\Program Files\svhost\wr-1-0000077.exe
    C:\Program Files\web buying
    C:\Program Files\web buying\v1.7.8\wbuninst.exe
    C:\Program Files\web buying\v1.7.8\webbuying.exe
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\WINDOWS\b136.exe
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\RGF2aWQgR29vZG1hbg\asappsrv.dll
    C:\WINDOWS\RGF2aWQgR29vZG1hbg\command.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\system32\_000008_.tmp.dll
    C:\WINDOWS\system32\atmtd.dll.tmp
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\o02PrEz
    C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
    C:\WINDOWS\system32\o09PrEz
    C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
    C:\WINDOWS\system32\pkmp.dll
    C:\WINDOWS\system32\win
    C:\WINDOWS\system32\wnsapii32.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\cmdService
    -------\core
    -------\DomainService
    -------\Network Monitor


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-09 10:03 <DIR> d-------- C:\temp\WPDNSE
    2007-07-09 09:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-09 09:51 <DIR> d-------- C:\temp\flashgot.gi4gq8dv.default
    2007-07-09 09:42 71,680 --a------ C:\temp\!update.exe
    2007-07-06 10:52 <DIR> d-------- C:\VundoFix Backups
    2007-07-06 10:25 <DIR> d-------- C:\temp\Adobelm_Cleanup.0001.dir.0001
    2007-07-06 10:25 <DIR> d-------- C:\temp\Adobelm_Cleanup.0001.dir.0000
    2007-07-06 10:03 <DIR> d-------- C:\DOCUME~1\dgoodman\APPLIC~1\WinTouch
    2007-07-06 09:33 852,566 --a------ C:\temp\cmdinst.exe
    2007-07-06 09:33 <DIR> d--hs---- C:\WINDOWS\RGF2aWQgR29vZG1hbg
    2007-07-06 09:21 <DIR> d-------- C:\temp\Mmae
    2007-07-06 07:51 50,708 --a------ C:\WINDOWS\system32\iuopmvkb.exe
    2007-07-06 07:46 9,720,100 --a------ C:\temp\WinAntiSpyware2007Setup.exe
    2007-07-06 07:45 69,828 --a------ C:\temp\WinAntiSpyware2007FreeInstall.exe
    2007-07-06 07:45 186,602 --a------ C:\temp\yazzlesnet.exe
    2007-07-06 07:45 <DIR> d-------- C:\temp\NI.UWAS7_0001_N91M2703
    2007-07-06 07:42 963,632 --a------ C:\temp\Outerinfo-1281.exe
    2007-07-06 07:42 516,096 --a------ C:\temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe
    2007-07-06 07:42 30,806 --a------ C:\temp\wr-1-2000219.exe
    2007-07-06 07:42 172,032 --a------ C:\WINDOWS\system32\joppeuj.dll
    2007-07-06 07:42 109,572 --a------ C:\temp\snapsnet.exe
    2007-07-06 07:42 102,400 --a------ C:\temp\MBDownloader_876919.exe
    2007-07-06 07:42 <DIR> d-------- C:\WINDOWS\system32\X5
    2007-07-06 07:42 <DIR> d-------- C:\temp\OuterinfoTemp
    2007-07-06 07:37 <DIR> d-------- C:\temp\hsperfdata_dgoodman
    2007-07-05 13:14 28 --a------ C:\temp\ExchangePerflog_8484fa3115dac2b6cfcccd43.dat
    2007-07-05 13:14 <DIR> d-------- C:\temp\VPMECTMP
    2007-07-05 13:13 <DIR> d-------- C:\temp\MessengerCache
    2007-07-05 13:03 16,384 --a----t- C:\temp\Perflib_Perfdata_770.dat
    2007-07-05 12:20 <DIR> d-------- C:\Program Files\Sophos
    2007-07-05 12:05 <DIR> d-------- C:\{000043E5-0000-0000-D450-AC85B2B65C41}
    2007-07-05 12:05 <DIR> d-------- C:\{000043DD-0000-0000-AE41-A5B2B1616023}
    2007-07-05 10:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-07-05 10:31 135,168 --a------ C:\WINDOWS\tk58.exe
    2007-07-05 10:19 1,851,101 ---hs---- C:\WINDOWS\system32\qrutv.bak1
    2007-07-05 09:45 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-05 09:37 72,704 -r-hs---- C:\temp\sdexe.exe
    2007-07-03 17:11 43 --ahs---- C:\temp\removalfile.bat
    2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X9
    2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X4
    2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X3
    2007-07-03 17:11 <DIR> d-------- C:\WINDOWS\system32\X2
    2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-09 15:02:41 -------- d-----w C:\Program Files\Symantec AntiVirus
    2007-07-05 14:45:58 -------- d-----w C:\Program Files\SmartFTP Client 2.0
    2007-06-03 04:04:49 -------- d-----w C:\Program Files\MSXML 6.0
    2007-06-03 04:03:07 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-06-01 04:12:21 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-01 04:11:25 -------- d-----w C:\Program Files\MSXML 4.0
    2007-06-01 04:07:12 -------- d-----w C:\Program Files\MSBuild
    2007-06-01 04:03:29 -------- d-----w C:\Program Files\Reference Assemblies
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\RGF2aWQgR29vZG1hbg\l3IZuqk0lZ6St3Y1v0.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2005-09-24 00:12 63136 --a------ c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}]
    C:\WINDOWS\system32\awvtu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    2005-09-24 00:41 231160 --a------ c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e25cbbf1-c14f-474d-8dc5-a7b3b6876960}]
    2007-07-06 07:42 172032 --a------ C:\WINDOWS\system32\joppeuj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 08:50]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
    "Acrobat Assistant 7.0"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30]
    "@"="" []
    "Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-21 17:26]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-08-18 14:49]
    "Tair"="C:\Program Files\Outerinfo\OuterinfoUpdate.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    "MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4567AB12-B980-44A5-B259-9B09EBEA6331}"="C:\Program Files\WinAntiSpyware 2007\shellext.dll" []


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 10:03:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 10:04:03 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 10:04

    --- E O F ---


    2. Vundo Tool didn't find anything, but I rebooted anyway

    3. Following is the log from SuperAntiSpyware and then I'll post my HJT log in another reply (length restriction)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/09/2007 at 11:24 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 01:05:21

    Memory items scanned : 447
    Memory threats detected : 0
    Registry items scanned : 5795
    Registry threats detected : 98
    File items scanned : 70266
    File threats detected : 103

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
    C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
    HKLM\Software\Classes\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
    HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
    HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}\InprocServer32
    HKCR\CLSID\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\AWVTU.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC3E690F-D5D4-40A4-9CA0-3921F55C5DCE}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\washellext.ShellHook.1
    HKCR\washellext.ShellHook.1\CLSID
    HKCR\washellext.ShellHook
    HKCR\washellext.ShellHook\CLSID
    HKCR\washellext.ShellHook\CurVer
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    C:\WINDOWS\SYSTEM32\WINNB58.DLL
    HKU\S-1-5-21-1390067357-1336601894-1606980848-4134\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]
    C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-591.DLL
    C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-969.DLL

    Trojan.Downloader-WebBuying/PopEngine
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e25cbbf1-c14f-474d-8dc5-a7b3b6876960}
    HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}
    HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}\InprocServer32
    HKCR\CLSID\{E25CBBF1-C14F-474D-8DC5-A7B3B6876960}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\JOPPEUJ.DLL

    Browser Hijacker.Internet Explorer Zone Hijack
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

    Adware.Tracking Cookie

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
    C:\WINDOWS\PREFETCH\YAZZLE1122OINADMIN.EXE-0F198A06.PF
    C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-27312430.PF
    C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-0A70446A.PF

    Adware.ClickSpring/Outer Info Network
    HKLM\Software\Outerinfo
    HKLM\Software\Outerinfo#InstallDirectory
    HKLM\Software\Outerinfo#REFID
    HKLM\Software\Outerinfo#PID
    C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\dgoodman\Start Menu\Programs\Outerinfo

    Trojan.ZQuest
    C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070705-124329-455.DLL
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA181.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMPLUS APPLICATIONS\LAVUPA791.DLL.VIR

    Trojan.Downloader-ClickSpring/NDrv
    C:\DOCUMENTS AND SETTINGS\DGOODMAN\DESKTOP\BACKUPS\BACKUP-20070706-105045-239.DLL

    Adware.k8l
    C:\PROGRAM FILES\COMPLUS APPLICATIONS\PROFSYDY.HTML

    Trojan.NetMon/DNSChange
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR

    Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\OUTERINFO\OUTERINFOUPDATE.EXE.VIR

    Adware.WebBuying Assistant-Installer
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.7.8\WBUNINST.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.7.8\WEBBUYING.EXE.VIR

    Adware.Adservs
    C:\QOOBOX\QUARANTINE\C\WINDOWS\RGF2AWQGR29VZG1HBG\ASAPPSRV.DLL.VIR

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\RGF2AWQGR29VZG1HBG\COMMAND.EXE.VIR

    Trojan.Downloader-Gen/BundleBase
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\O02PREZ\O02PREZ1065.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\O09PREZ\O09PREZ1099.EXE.VIR

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSAPII32.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
    C:\WINDOWS\RGF2AWQGR29VZG1HBG\L3IZUQK0LZ6ST3Y1V0.VBS

    Trojan.Downloader-Gen/Blah
    C:\VUNDOFIX BACKUPS\BYXYAXY.DLL.BAD

    Trojan.Downloader-Gen/HitItQuitIt
    C:\VUNDOFIX BACKUPS\QOMMMKJ.DLL.BAD
    C:\VUNDOFIX BACKUPS\TUVSTUR.DLL.BAD

    Trojan.Downloader-Gen/Installer
    C:\WINDOWS\B104.EXE
    C:\WINDOWS\Prefetch\B104.EXE-3A55DE9A.pf

    Trojan.Rootkit-TnCore/Installer
    C:\WINDOWS\SYSTEM32\X4\WEN22.EXE
    C:\WINDOWS\Prefetch\WEN22.EXE-3A7E0983.pf

    Trojan.ZQuest-Installer
    C:\WINDOWS\TK58.EXE
    C:\WINDOWS\Prefetch\TK58.EXE-1D42EE94.pf
     
  4. stanpoon

    stanpoon Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    4
    HJT LOG:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:31, on 2007-07-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\SLClient.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\slagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\dgoodman\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.adin.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stormwind:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Load NET SatisFAXtion Popup Notifier.lnk = C:\Program Files\NET SatisFAXtion\Client Suite\PopupNotifier.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: NetGUI - http://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB
    O16 - DPF: {0A3F25B8-EF80-4B6C-AA64-4B87B4947198} (ACIShell.ShellExecute) - http://intranet.adin.net/Controls/ACIShell.CAB
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project/projectserver/objects/pjclient.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://project/projectserver/objects/1033/pjcintl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adin.net
    O17 - HKLM\Software\..\Telephony: DomainName = adin.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C90690D9-7B53-4A46-8873-5D842687242C}: NameServer = 172.16.1.2,172.16.1.3
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adin.net
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 11781 bytes
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HiJackThis – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKCU\..\Run: [Tair] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
    Download Killbox from one of these links



    How are things?
     
  6. stanpoon

    stanpoon Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    4
    So far, so good. Followed all your instructions and popups have not returned. I also downloaded Killbox from Bleeping Computer. If I need to do anything with it, please let me know. Otherwise, THANK YOU, THANK YOU, THANK YOU. I would've ended up wiping my drive w/o this help. Whew!
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014

Short URL to this thread: https://techguy.org/592438
