Old 05-05-2007, 01:16 PM   #1 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Pop ups - zedo.com outerinfo.com

We are getting constant pop-ups which I think are related to zedo.com and outerinfo.com. I went to both sites and attempted to use their "opt out" buttons with no results. The pop-ups are extremely intrusive. There really ought to be a law against this sort of thing. I have completed the 5 steps and am posting my log below. Thank you in advance for your kind assistance.

Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-05 at 13:37:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2007-05-05 18:38:05 UTC - RP383 - Deckard's System Scanner Restore Point
101: 2007-05-05 16:51:18 UTC - RP382 - Unsigned driver install
100: 2007-05-04 15:51:08 UTC - RP381 - System Checkpoint
99: 2007-05-03 15:33:30 UTC - RP380 - System Checkpoint
98: 2007-05-02 14:33:30 UTC - RP379 - System Checkpoint


-- First Restore Point --
1: 2007-02-06 03:58:56 UTC - RP282 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:44:53 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe
C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://sitecontrol.hostway.com/pas/...s/Login.render
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} - C:\WINDOWS\system32\muv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} - C:\WINDOWS\system32\igugf.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wwdsqpu] "C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe" 99001122
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt ndrv
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158529351750
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 core - c:\windows\system32\drivers\core.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys <Not Verified; ADMtek Incorporated.; ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 brfilt (Brother MFC Filter Driver) - c:\windows\system32\drivers\brfilt.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System>
R3 BrUsbScn (Brother MFC USB Scanner driver) - c:\windows\system32\drivers\brusbscn.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System>
R3 E1000 (Intel(R) PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>
R3 mf - c:\windows\system32\drivers\mf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP Modem>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pctvvbi - c:\windows\system32\drivers\pctvvbi.sys <Not Verified; Pinnacle Systems; Pinnacle Systems Product Family>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 AR5513 (DWL-G520M Wireless 108G MIMO PCI Adapter) - c:\windows\system32\drivers\ar5513.sys (file missing)
S3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 DuneNtsc (Pinnacle PCTV Deluxe USB (NTSC) Device) - c:\windows\system32\drivers\dunentsc.sys <Not Verified; Emuzed, Inc.; Pinnacle PCTV Deluxe USB (NTSC).>
S3 FINEPIX_PCC (FinePix Digital Camera 020523) - c:\windows\system32\drivers\v4cb0115.sys <Not Verified; FUJI PHOTO FILM CO.,LTD.; USB PC Camera>
S3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 COM+ Messages - "c:\windows\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
S2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-29 17:48:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-04-05 and 2007-05-05 -----------------------------

2007-05-05 13:09:28 21312 --a------ C:\WINDOWS\choice.exe
2007-05-05 13:05:52 0 d-------- C:\ie-spyad2
2007-05-05 12:57:33 0 d-------- C:\Program Files\SpywareBlaster
2007-05-05 12:04:12 0 d-------- C:\Program Files\InterMute
2007-05-02 08:32:00 72320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-26 09:49:43 85504 -----n--- C:\WINDOWS\system32\evolusbn.dll <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>
2007-04-26 09:49:43 21984 --a------ C:\WINDOWS\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>
2007-04-26 09:34:38 0 d-------- C:\Program Files\SmartMusic
2007-04-26 09:34:27 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-04-26 09:33:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 09:33:30 0 d-------- C:\Psfonts
2007-04-26 09:33:11 0 d-------- C:\Program Files\Finale 2003
2007-04-26 09:32:36 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-26 09:31:50 0 d-------- C:\Program Files\M-Audio Uno
2007-04-22 11:47:25 0 d-------- C:\Documents and Settings\p sundlof\Application Data\Snapfish
2007-04-22 11:47:22 1829 --a------ C:\WINDOWS\mozver.dat
2007-04-18 10:35:17 0 d-------- C:\Program Files\iPod
2007-04-18 10:35:14 0 d-------- C:\Program Files\iTunes
2007-04-18 10:27:19 0 d-------- C:\Documents and Settings\p sundlof\Application Data\iCloner
2007-04-18 09:49:18 0 d-------- C:\Documents and Settings\p sundlof\Application Data\CopyTrans
2007-04-11 18:19:24 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 450560 --a------ C:\WINDOWS\system32\ltimg13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:19:23 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32>
2007-04-11 18:00:45 0 dr------- C:\Documents and Settings\p sundlof\Application Data\Brother
2007-04-07 14:08:42 0 d-------- C:\Program Files\webHancer


-- Find3M Report ---------------------------------------------------------------

2007-05-05 13:20:39 0 d-------- C:\Program Files\Common Files\AOL
2007-05-05 13:20:03 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-05 13:20:03 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-05 12:45:05 0 d-------- C:\Program Files\Common Files\aolshare
2007-05-05 11:50:24 0 d-------- C:\Program Files\Common Files\??mantec
2007-05-05 11:44:01 0 d-------- C:\Program Files\Common Files\{5047DE6A-0C78-1033-0421-040305220001}
2007-04-26 09:32:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-18 10:34:28 0 d-------- C:\Program Files\QuickTime
2007-04-18 10:33:11 0 d-------- C:\Program Files\Apple Software Update
2007-03-22 22:56:41 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-03-22 22:56:40 0 d-------- C:\Documents and Settings\Owner\Application Data\??stem
2007-03-22 09:29:49 0 d-------- C:\Program Files\Common Files\{5047DE6A-0C77-1033-0421-040305220001}
2007-03-19 13:30:06 60928 --a------ C:\WINDOWS\system32\muv.dll
2007-03-18 09:27:17 0 d---s---- C:\Documents and Settings\Owner\Application Data\M?crosoft
2007-03-13 0008 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-03-10 15:02:33 0 d-------- C:\Program Files\Quicken
2007-03-10 15:02:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2007-02-24 16:53:19 2 --a------ C:\WINDOWS\system32\wnststr.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
{3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} C:\WINDOWS\system32\sji.dll [x]
{3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} C:\WINDOWS\system32\sji.dll [x]
{45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} C:\WINDOWS\system32\muv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} C:\WINDOWS\system32\igugf.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Wwdsqpu"="\"C:\\Documents and Settings\\Owner\\Application Data\\??stem\\r?ndll32.exe\" 99001122"
"Ltho"="\"C:\\PROGRA~1\\COMMON~1\\MANTEC~1\\mshta.exe\" -vt ndrv"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\D-Link REG Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\D-Link REG Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DWL-G5~1\\Reg.exe "
"item"="D-Link REG Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DWL-G5~1\\AIRPLUS.exe "
"item"="DWL-G520M Wireless 108G MIMO PCI Adapter Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle PCTV Scheduler.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Pinnacle PCTV Scheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\Pinnacle PCTV Scheduler.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\PCLESC~1.EXE "
"item"="Pinnacle PCTV Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SmartUI.lnk"
"backup"="C:\\WINDOWS\\pss\\SmartUI.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Scansoft\\PAPERP~1\\SmartUI\\SmartUI.exe "
"item"="SmartUI"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cjzjyb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="c?rss"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\s?mbols\\c?rss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1157917618\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ltho]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mshta"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\COMMON~1\\MANTEC~1\\mshta.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mrmqm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\mrmq\\mrmqm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remoterm"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pinnacle\\Pinnacle PCTV Deluxe\\Remote\\Remoterm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRONoMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSHAVE"
"hkey"="HKLM"
"command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrDefPrt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\BRMFLPRO\\BrDefPrt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047DE6A-0C77-1033-0421-040305220001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{5047DE6A-0C77-1033-0421-040305220001}\\Update.exe\" te-110-12-0000245"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047DE6A-0C78-1033-0421-040305220001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{5047DE6A-0C78-1033-0421-040305220001}\\Update.exe\" te-110-12-0000245"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-05 at 13:46:15 ---------
Attached Files
File Type: txt extra.txt (14.6 KB, 1 views)
jsundlof is offline  
Old 05-08-2007, 06:34 PM   #2 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Pop ups - zedo.com outerinfo.com

Welcome jsundlof
Start your HijackThis scan and place a check next to these items, if there.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3DE2EDC1-5127-0AD4-7564-0EB26B1E85BE} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {3DE2EDC7-5121-7ADC-7560-7CB21F1B85C8} - C:\WINDOWS\system32\sji.dll (file missing)
O2 - BHO: (no name) - {45E1AB69-15F3-4E75-F248-6BE33BE9A8CE} - C:\WINDOWS\system32\muv.dll
O2 - BHO: (no name) - {E43E7A3E-CEF7-915D-F1AF-C0DEB8B505C4} - C:\WINDOWS\system32\igugf.dll (file missing)
O4 - HKCU\..\Run: [Wwdsqpu] "C:\Documents and Settings\Owner\Application Data\??stem\r?ndll32.exe" 99001122
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt ndrv

====================================
Hit "Fix checked" and close HijackThis.

Post a combofix log
1. Download this file - combofix.exe
http://www.techsupportforum.com/sect...s/ComboFix.exe
alternate link
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Also: Post a fresh HijackThis log.

It appears you do not run an antivirus program; why is that?
LonnyRJones is offline  
Old 05-12-2007, 10:54 AM   #3 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

Thank you. I deleted the items as instructed, and here is the log from ComboFix, which will be followed in the next post by the new scan log from HijackThis after running ComboFix:

ComboFix log:
"Owner" - 2007-05-12 11:27:14 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\webhancer\whAgent_update.exe
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\Program Files\Common Files\{3047D~1\Bar888.dll
C:\Program Files\Common Files\{3047D~1\toolbardll.lzma
C:\Program Files\Common Files\{3047D~1\UnInstall.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnststr.exe
C:\Program Files\outerinfo
C:\Program Files\webhancer
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\Program Files\Common Files\{3047D~1
C:\Program Files\Common Files\{5047D~2
C:\Program Files\Common Files\{5047D~1
C:\WINDOWS\system32\drivers\core.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Owner
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\MCROSO~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\STEM~1\r?ndll32.exe
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\Program Files\Common Files\MANTEC~1
C:\qoobox\purity\C\Program Files\Common Files\STEM~1
C:\qoobox\purity\C\WINDOWS\system32\SMBOLS~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\COM+ Messages
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))


2007-05-05 13:37 <DIR> d-------- C:\Deckard
2007-05-05 13:09 21,312 --a------ C:\WINDOWS\choice.exe
2007-05-05 13:05 <DIR> d-------- C:\ie-spyad2
2007-05-05 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-05 12:04 <DIR> d-------- C:\Program Files\InterMute
2007-04-26 09:49 85,504 --------- C:\WINDOWS\system32\evolusbn.dll
2007-04-26 09:49 21,984 --a------ C:\WINDOWS\system32\drivers\evolusb.sys
2007-04-26 09:34 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-04-26 09:34 <DIR> d-------- C:\Program Files\SmartMusic
2007-04-26 09:33 <DIR> d-------- C:\Psfonts
2007-04-26 09:33 <DIR> d-------- C:\Program Files\Finale 2003
2007-04-26 09:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 09:32 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-04-26 09:31 <DIR> d-------- C:\Program Files\M-Audio Uno
2007-04-22 11:47 1,829 --a------ C:\WINDOWS\mozver.dat
2007-04-22 11:47 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\Snapfish
2007-04-18 10:35 <DIR> d-------- C:\Program Files\iTunes
2007-04-18 10:35 <DIR> d-------- C:\Program Files\iPod
2007-04-18 10:27 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\iCloner
2007-04-18 09:49 <DIR> d-------- C:\DOCUME~1\PSUNDL~1\APPLIC~1\CopyTrans


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-12 16:32:28 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-12 16:32:28 384 ----a-w C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-20041102}.dat
2007-05-05 18:20:39 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 17:45:05 -------- d-----w C:\Program Files\Common Files\aolshare
2007-04-26 14:32:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 15:34:28 -------- d-----w C:\Program Files\QuickTime
2007-04-18 15:33:11 -------- d-----w C:\Program Files\Apple Software Update
2007-03-23 03:56:41 2 ----a-w C:\WINDOWS\system32\wnstssv32.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 20:02:33 -------- d-----w C:\Program Files\Quicken
2007-03-10 20:02:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Intuit
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^acrobat assistant.lnk
C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe gamma loader.exe.lnk
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^d-link reg utility.lnk
C:\PROGRA~1\DWL-G5~1\Reg.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^dwl-g520m wireless 108g mimo pci adapter utility.lnk
C:\PROGRA~1\DWL-G5~1\AIRPLUS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^exif launcher.lnk
C:\PROGRA~1\FINEPI~1\QuickDCF.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^pinnacle pctv scheduler.lnk
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\PCLESC~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^smartui.lnk
C:\PROGRA~1\Scansoft\PAPERP~1\SmartUI\SmartUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atimodechange
Ati2mdxx.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb
C:\WINDOWS\system32\s?mbols\c?rss.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cthelper
CTHELPER.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1157917618\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\indexsearch
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iphsend
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins
C:\Program Files\Ipwindows\ipwins.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho
"C:\PROGRA~1\COMMON~1\MANTEC~1\mshta.exe" -vt yazb

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq
C:\PROGRA~1\COMMON~1\mrmq\mrmqm.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\MSMSGS.EXE" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\paperport ptd
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pctvremote
C:\Program Files\Pinnacle\Pinnacle PCTV Deluxe\Remote\Remoterm.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pinnacledrivercheck
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pronomgr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtray
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regshave
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remotecontrol
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setdefprt
C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storageguard
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}
"C:\Program Files\Common Files\{5047DE6A-0C77-1033-0421-040305220001}\Update.exe" te-110-12-0000245

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}
"C:\Program Files\Common Files\{5047DE6A-0C78-1033-0421-040305220001}\Update.exe" te-110-12-0000245


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 11:44:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-12 11:44:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-12 11:44
jsundlof is offline  
Old 05-12-2007, 11:02 AM   #4 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

Here is the most recent HijackThis log after executing the instructions from your first reply. Also, you asked why I do not run virus protection: no good reason. It used to be because I felt it interfered with the home network. Now I don't know. Any recommendations? A neighbor who is a computer tech recommends Symantec AV Corporate Edition. Anyway, thank you for your help, and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:55:47 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://sitecontrol.hostway.com/pas/...s/Login.render
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158529351750
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5690 bytes
jsundlof is offline  
Old 05-12-2007, 11:09 AM   #5 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

PS (sorry) -
I noticed in my programs tab that there is an Outerinfo > uninstall option. I am guessing that was installed when I went to outerinfo.com and attempted to opt out. Maybe that was put on my machine and I did not notice or was not told that I needed to go to this place to finish the uninstall process. I will await your further instructions before doing so.

As an aside (if such things are tolerated), read Dilbert today and yesterday for Dogbert as a malicious tech support guy. Must be tempting in some instances for you. Do be gentle with me, however.
jsundlof is offline  
Old 05-13-2007, 02:47 AM   #6 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Pop ups - zedo.com outerinfo.com

If you start the uninstall of Outerinfo (in Add/Remove Programs), Windows should offer to remove it from the list, since it is not on your PC now.


Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file.
Save it with the file name "fixme.reg" (not including the quotes). Set "Save as type" to All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}]
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a success message, delete fixme.reg.


Submit this file here and let me know what's found:
C:\WINDOWS\system32\wnstssv32.exe
http://www.virustotal.com/flash/index_en.html

~~~~~~~~~~~~~~~~
I recommend almost anything besides Norton or McAfee; they are too common.
Install at least a free antivirus and firewall program.
Don't make the common mistake of installing more than one antivirus or firewall.

AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
AntiVir Personal Edition: http://www.free-av.com/
avast! 4 Home - Free antivirus software :
http://www.asw.cz/eng/free_virus_protectio.html
http://www.activevirusshield.com/ant...eav/index.adp?

Understanding and Using Firewalls:
http://www.bleepingcomputer.com/foru...howtutorial=60

ZoneAlarm provides a paid-for and a free version: http://www.zonelabs.com/
http://www.zonelabs.com/store/conten...=en&lid=nav_za

Free Firewall Software - Comodo™ Firewall: http://www.personalfirewall.comodo.com/

Outpost http://www.outpost.uk.com/download/outpost1.html


----------------------------------------------------
Your Acrobat and Java programs are out of date; update them.
After you have updated them and installed/updated an antivirus program >
Replace your HijackThis with the non-beta version, post one more log, and mention any problems at that time.
http://www.merijn.org/files/HijackThis.exe

Last edited by LonnyRJones; 05-13-2007 at 02:48 AM.
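
A pre-merge review of the fixme.reg from the post above, as an added example that is not part of the original thread: it parses the file, confirms that every operation is a single-entry key deletion under the msconfig startupreg key, and cross-checks the names against the ComboFix log. The function names are this example's own, and the log excerpt holds key lines copied from the ComboFix log earlier in the thread.

```python
import re

# fixme.reg exactly as posted above, embedded so the example runs offline.
FIXME_REG = r"""REGEDIT4
;
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}]
;
"""

# Key lines copied from the ComboFix "Reg Loading Points" section of the thread.
COMBOFIX_EXCERPT = r"""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjzjyb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltho
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrmq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c77-1033-0421-040305220001}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5047de6a-0c78-1033-0421-040305220001}
"""

PARENT = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return (action, key, detail) tuples for every operation in a .reg file."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))  # join hex continuations
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops, current = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):               # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", body[1:], None))
                current = None
            else:                                  # [KEY] creates or opens the key
                ops.append(("open_key", body, None))
                current = body
            continue
        m = VALUE_RE.match(line)
        if m and current:                          # "name"=data, or "name"=- to delete
            action = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((action, current, m.group(1)))
        else:
            ops.append(("unparsed", current, line))  # anything else needs a human look
    return ops

def review(reg_text, parent=PARENT):
    """Split operations into single-entry deletions under parent and everything else."""
    prefix = parent.lower() + "\\"
    targeted, unexpected = [], []
    for action, key, detail in parse_reg(reg_text):
        k = (key or "").lower()
        child = k[len(prefix):] if k.startswith(prefix) else ""
        if action == "delete_key" and child and "\\" not in child:
            targeted.append(child)
        else:
            unexpected.append((action, key, detail))
    return targeted, unexpected

def logged_entries(log_text, parent=PARENT):
    """Entry names that appear under parent in a ComboFix-style log."""
    prefix = parent.lower() + "\\"
    found = set()
    for line in log_text.splitlines():
        k = line.strip().lower()
        if k.startswith(prefix):
            found.add(k[len(prefix):])
    return found

def cross_check(reg_text, log_text):
    """Summarise what the .reg file removes and what it leaves, relative to the log."""
    targeted, unexpected = review(reg_text)
    seen = logged_entries(log_text)
    return {"targeted": targeted, "unexpected": unexpected,
            "not_in_log": sorted(set(targeted) - seen),
            "left_in_place": sorted(seen - set(targeted))}

if __name__ == "__main__":
    for name, value in cross_check(FIXME_REG, COMBOFIX_EXCERPT).items():
        print(f"{name}: {value}")
```

An empty `unexpected` list means the file does nothing except remove the named startup entries; a deletion of the parent key itself, or any value being written, would show up there instead.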
LonnyRJones is offline  
Old 05-13-2007, 11:27 AM   #7 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

Symantec is different from Norton, correct? Regarding a firewall: I had thought that since this computer is on a network behind a router (Netgear RT314) hardware firewall, I did not need one. Not true? Windows XP Pro firewall no good? I will download one of the virus protection programs you recommend. Thank you for your continued advice and assistance.

Scan result of wnstssv32.exe below.

Complete scanning result of "wnstssv32.exe", received in VirusTotal at 05.13.2007, 18:38:20 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.11.2007 no virus found
AntiVir 7.4.0.15 05.12.2007 no virus found
Authentium 4.93.8 05.12.2007 no virus found
Avast 4.7.997.0 05.11.2007 no virus found
AVG 7.5.0.467 05.13.2007 no virus found
BitDefender 7.2 05.13.2007 no virus found
CAT-QuickHeal 9.00 05.12.2007 no virus found
ClamAV devel-20070416 05.13.2007 no virus found
DrWeb 4.33 05.13.2007 no virus found
eSafe 7.0.15.0 05.13.2007 Win32.Xorpix.al
eTrust-Vet 30.7.3628 05.11.2007 no virus found
Ewido 4.0 05.13.2007 Trojan.Small
FileAdvisor 1 05.13.2007 No threat detected
Fortinet 2.85.0.0 05.13.2007 no virus found
F-Prot 4.3.2.48 05.12.2007 no virus found
F-Secure 6.70.13030.0 05.11.2007 no virus found
Ikarus T3.1.1.7 05.13.2007 no virus found
Kaspersky 4.0.2.24 05.13.2007 no virus found
McAfee 5029 05.11.2007 no virus found
Microsoft 1.2503 05.13.2007 no virus found
NOD32v2 2262 05.12.2007 no virus found
Norman 5.80.02 05.11.2007 no virus found
Panda 9.0.0.4 05.13.2007 no virus found
Prevx1 V2 05.13.2007 Polymorphic Trojans
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.12.2007 no virus found
Symantec 10 05.13.2007 no virus found
TheHacker 6.1.6.114 05.12.2007 no virus found
VBA32 3.12.0 05.13.2007 no virus found
VirusBuster 4.3.7:9 05.13.2007 no virus found
Webwasher-Gateway 6.0.1 05.13.2007 no virus found


Aditional Information
File size: 2 bytes
MD5: 4f3dd0ffb3e41c5f74b5b0d8c1f10bb5
SHA1: e688cf7414fb701c4495010d43a4eaaaeac71768
Bit9 info: http://fileadvisor.bit9.com/services...b5b0d8c1f10bb5
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=4f3d691635
jsundlof is offline  
Old 05-13-2007, 01:04 PM   #8 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Pop ups - zedo.com outerinfo.com

Norton / Symantec, I'd still recommend a different antivirus.
Yes, the built-in firewall and your router are sufficient.

Download "Suspicious File Packer" (third one on this page) >
http://www.safer-networking.org/en/tools/index.html
to your desktop and unzip the file inside.
Run sfp.exe, copy then paste the list below into it, and hit Continue.

C:\WINDOWS\system32\wnstssv32.exe

A .cab file will have been created on your desktop.
Attach it here, please: http://www.thespykiller.co.uk/index.php?board=1.0
LonnyRJones is offline  
Old 05-14-2007, 08:45 AM   #9 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

Attached file as instructed. Used same subject as this thread.
jsundlof is offline  
Old 05-15-2007, 02:50 PM   #10 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Pop ups - zedo.com outerinfo.com

Go ahead and delete that file.

Curious, what antivirus program did you get?
LonnyRJones is offline  
Old 05-15-2007, 04:36 PM   #11 (permalink)
Registered User
 
Join Date: May 2007
Posts: 9
OS: xp home sp2


Re: Pop ups - zedo.com outerinfo.com

Nothing yet. I will probably download AVG Anti-Virus-Free, which was at the top of your list, for our home desktop. Then for my office desktop and laptop I am thinking of the Symantec AV Corporate because my neighbor is able to sell it to me for a reasonable price. My daughter speaks well of the Trend Micro AV program too. Though I am also thinking about just downloading AVG Anti-Virus-Free for the office as well. The Symantec kind of concerns me because it is related to Norton, about which I have heard many bad things. A local computer columnist for the Chicago Trib dumps on it constantly. He is also part of the reason that I do not have a virus protection program, because a couple of years ago he put forth the idea that many times virus protection programs are more trouble than they are worth, and if one can maintain control of what one clicks on and where one goes, as long as one is behind a firewall, it can work out okay. I am able to control things in my one-person office but not at home with my wife and son going online. That is where these popups started.

Thank you again for your great work. The popups seem to have abated. Is the job done?
jsundlof is offline  
Old 05-15-2007, 05:03 PM   #12 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Pop ups - zedo.com outerinfo.com

Not until all your PCs have a permanent antivirus installed :)

A hosts file is a great idea too:
http://www.mvps.org/winhelp2002/hosts.htm
It's updated about once or twice a month, so be sure to replace it once in a while.

Surf safe
LonnyRJones is offline  
 




All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum