my sister's desktop has some problems...
neogeo0823
Hi guys, remember me? Well, I finally got my sister's desktop to start back up and I've run some scans with Spybot S&D, Ad-Aware SE, and HJT. I still don't know if the problem lies in hardware or software, so I'll keep the other thread open in case it is a hardware problem. In any instance, here's the HJT log. I still can't make heads or tails of them, so hopefully this one says that everything's fine now and I can go about my business.
thanks in advance!
neogeo0823
Logfile of HijackThis v1.99.1
Scan saved at 5:22:06 PM, on 11/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jean Smith\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160531252561
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c18.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.c...kerutility.cab
[STEP 2] Run Additional Tools:
Download Ewido
[STEP 3] Update Windows:
Microsoft Windows Update
[STEP 4] Report Back to us:
EDIT: Well, it's been quite some time, so I guess I'll have to try and shut down the computer and simply hope that it starts next time. Here's the updated log of the things Ewido found. I quarantined everything it found.
AVG Anti-Spyware - Scan Report
+ Created at: 11:57:30 PM 11/18/2006
+ Scan result:
C:\PestPatrol\Quarantine\20040920220803936.zip/temp/msbbhook.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_05-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_06-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_07-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_08-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_09-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_10-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_11-09-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\ProxyStub.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\WinGenerics.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\ace.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\uninstaller.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/temp/cdt_bbi8016.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/Program Files/navisearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/apuc.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/temp/lc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/Documents and Settings/Jean Smith/Local Settings/Temp/randreco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/thinInstall.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI1AE8.tmp/localNRD.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI1D11.tmp/preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI2C5A.tmp/preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI5668.tmp/preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI71FA.tmp/preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI72C4.tmp/preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/localNRD.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/mxtarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/preinsln.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/preinsmt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/localNRD.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/mxtarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/preinsln.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/bxxs5.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/dhbrwsr.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/dhp.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/dhp2.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/dhsvr.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/dhupdt.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041251.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041256.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041257.EXE -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041260.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\Program Files\Midnight Lake Screensaver\MidnightLake.exe -> Adware.GAINNetwork : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038104.exe -> Adware.GAINNetwork : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038126.exe -> Adware.GAINNetwork : Cleaned with backup (quarantined).
C:\Program Files\Midnight Lake Screensaver\ML1Helper.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Midnight Lake Screensaver\ML1Uninstaller.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038101.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038102.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038112.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038113.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038123.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP117\A0038124.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/systb.exe/systb.dll -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/systb.exe/systb.dll -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041263.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041245.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/popoops.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/popoops2.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/swlad1.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/swlad2.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/swrt01.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/djtopr1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/web_rebates/disp1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/web_rebates/webrebates0.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/web_rebates/webrebates0.to_be_deleted -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/web_rebates/webrebates1.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/web_rebates/webrebates1.to_be_deleted -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/Program Files/toolbar/toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/winad client/clientcom.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/winad client/winad.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Program Files/winad client/winclt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/THI1AE8.tmp/polall1l.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/locals~1/temp/polmx3.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/LastGood/polmx3.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/polmx3.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/Documents and Settings/Jean Smith/locals~1/temp/polmx3.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/system32/loaseo.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ncodpa.exe -> Downloader.Agent.ed : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vwezibh.exe -> Downloader.Agent.jc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntbrccsp.exe -> Downloader.Apropo.ac : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/local settings/temp/wupdt.exe -> Downloader.Intexp.a : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/Documents and Settings/Jean Smith/local settings/temp/wupdt.exe -> Downloader.Intexp.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FC9B06C-0722-4172-A48E-7B09629255F7}\RP118\A0041252.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\1.exe -> Downloader.Small.aaq : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/Documents and Settings/brad smith/Local Settings/Temp/conscorr.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040924201518056.zip/WINDOWS/conscorr.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
C:\PestPatrol\Quarantine\20040920220803936.zip/WINDOWS/UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 9:26:27 AM, on 11/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Jean Smith\My Documents\Lauren's stuff\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jean Smith\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160531252561
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe