Sorry it takes a while to get back to you. I work crazy hours. Anyway, before your last response I went ahead and uninstalled Command Antivirus because I think it had been corrupted. I installed Trojan Hunter instead and it found and removed some of the item that were showing up in Command. I also ran spysweeper which removed several thing. Below is the report from trojan hunter, spysweeper, and a new HJT log.
Trojan Hunter Log
Files\SpamBlockerUtility\bin\4.6.1.0\SbShprRprt.exe.tcf
Renamed file C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe to C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf
Renamed file C:\Program Files\SpamBlockerUtility\bin\SbUninst.exe to C:\Program Files\SpamBlockerUtility\bin\SbUninst.exe.tcf
Renamed file C:\RECYCLER\S-1-5-21-3690246030-55483478-2430187249-1006\Dc139.dll to C:\RECYCLER\S-1-5-21-3690246030-55483478-2430187249-1006\Dc139.dll.tcf
Renamed file C:\WINDOWS\Downloaded Program Files\ybuictrl.dll to C:\WINDOWS\Downloaded Program Files\ybuictrl.dll.tcf
Renamed file C:\WINDOWS\system32\a_i_037.dll to C:\WINDOWS\system32\a_i_037.dll.tcf
Renamed file C:\WINDOWS\system32\a_i_037.exe to C:\WINDOWS\system32\a_i_037.exe.tcf
Renamed file C:\WINDOWS\system32\gfzzdqpb.exe to C:\WINDOWS\system32\gfzzdqpb.exe.tcf
Trojan cleaning finished.
********
1:09 PM: |··· Start of Session, Thursday, October 06, 2005 ···|
1:09 PM: Spy Sweeper started
1:09 PM: Sweep initiated using definitions version 551
1:09 PM: Starting Memory Sweep
1:11 PM: Memory Sweep Complete, Elapsed Time: 00:02:57
1:11 PM: Starting Registry Sweep
1:12 PM: Found Adware: altnet
1:12 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
1:12 PM: Found Adware: apropos
1:12 PM: HKU\S-1-5-21-3690246030-55483478-2430187249-1006\software\aprps\ (7 subtraces) (ID = 103740)
1:12 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
1:12 PM: Found Adware: elitebar
1:12 PM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
1:12 PM: Found Adware: hotbar
1:12 PM: HKCR\asapcom.asapmain\ (5 subtraces) (ID = 127224)
1:12 PM: HKCR\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (19 subtraces) (ID = 127227)
1:12 PM: HKCR\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (22 subtraces) (ID = 127235)
1:12 PM: HKCR\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127241)
1:12 PM: HKCR\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (13 subtraces) (ID = 127242)
1:12 PM: HKCR\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (16 subtraces) (ID = 127246)
1:12 PM: HKCR\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (9 subtraces) (ID = 127261)
1:12 PM: HKCR\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (10 subtraces) (ID = 127267)
1:12 PM: HKLM\software\classes\asapcom.asapclass.1\ (3 subtraces) (ID = 127385)
1:12 PM: HKLM\software\classes\asapcom.asapmain\ (5 subtraces) (ID = 127388)
1:12 PM: HKLM\software\classes\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (19 subtraces) (ID = 127393)
1:12 PM: HKLM\software\classes\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (22 subtraces) (ID = 127399)
1:12 PM: HKLM\software\classes\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127404)
1:12 PM: HKLM\software\classes\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (13 subtraces) (ID = 127405)
1:12 PM: HKLM\software\classes\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (16 subtraces) (ID = 127409)
1:12 PM: HKLM\software\classes\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\ (2 subtraces) (ID = 127416)
1:12 PM: HKLM\software\classes\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (9 subtraces) (ID = 127425)
1:12 PM: HKLM\software\classes\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (10 subtraces) (ID = 127431)
1:12 PM: HKLM\software\classes\clsid\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541}\ (10 subtraces) (ID = 127436)
1:12 PM: HKLM\software\classes\spamblockerconfig.application\ (2 subtraces) (ID = 127536)
1:12 PM: HKLM\software\classes\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 subtraces) (ID = 127537)
1:12 PM: HKU\S-1-5-21-3690246030-55483478-2430187249-1006\software\microsoft\internet explorer\explorer bars\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (2 subtraces) (ID = 127570)
1:12 PM: HKCR\spamblockerconfig.application\ (2 subtraces) (ID = 127634)
1:12 PM: HKCR\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 subtraces) (ID = 127635)
1:12 PM: Found Adware: search fast communicator toolbar
1:12 PM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
1:12 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
1:12 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
1:12 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
1:12 PM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
1:12 PM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
1:12 PM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
1:12 PM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
1:12 PM: HKU\S-1-5-21-3690246030-55483478-2430187249-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
1:12 PM: HKU\S-1-5-21-3690246030-55483478-2430187249-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:12 PM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
1:12 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
1:12 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
1:12 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
1:12 PM: Found Adware: searchforit
1:12 PM: HKCR\ca.cas\ (5 subtraces) (ID = 141009)
1:12 PM: HKCR\ca.cas.1\ (3 subtraces) (ID = 141010)
1:12 PM: HKCR\clsid\{b5f3970b-745e-46ac-b890-e08f69777d80}\ (11 subtraces) (ID = 141018)
1:12 PM: HKLM\software\classes\ca.cas\ (5 subtraces) (ID = 141027)
1:12 PM: HKLM\software\classes\ca.cas.1\ (3 subtraces) (ID = 141028)
1:12 PM: HKLM\software\classes\clsid\{b5f3970b-745e-46ac-b890-e08f69777d80}\ (11 subtraces) (ID = 141036)
1:12 PM: HKLM\software\classes\typelib\{919f8a8d-135d-44fc-a809-b36083eeae35}\ (9 subtraces) (ID = 141045)
1:12 PM: HKCR\typelib\{919f8a8d-135d-44fc-a809-b36083eeae35}\ (9 subtraces) (ID = 141065)
1:12 PM: Found Adware: topsearch
1:12 PM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
1:12 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
1:12 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
1:12 PM: Found System Monitor: visual log
1:12 PM: HKU\S-1-5-21-3690246030-55483478-2430187249-1006\software\qsetup_dyn_data\ (2 subtraces) (ID = 145736)
1:12 PM: Found Adware: delfin
1:12 PM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
1:12 PM: Found Adware: shopathomeselect
1:12 PM: HKLM\software\microsoft\code store database\distribution units\{5f3b3060-09e0-44c6-86f7-bc7b02b57bee}\ (11 subtraces) (ID = 629042)
1:12 PM: HKCR\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (7 subtraces) (ID = 774214)
1:12 PM: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774223)
1:12 PM: HKCR\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (7 subtraces) (ID = 774232)
1:12 PM: HKCR\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (7 subtraces) (ID = 774259)
1:12 PM: HKCR\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 subtraces) (ID = 774268)
1:12 PM: HKCR\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (7 subtraces) (ID = 774277)
1:12 PM: HKCR\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (7 subtraces) (ID = 774286)
1:12 PM: HKCR\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (7 subtraces) (ID = 774295)
1:12 PM: HKCR\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (7 subtraces) (ID = 774304)
1:12 PM: HKCR\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (7 subtraces) (ID = 774331)
1:12 PM: HKCR\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (7 subtraces) (ID = 774349)
1:12 PM: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774358)
1:12 PM: HKCR\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (7 subtraces) (ID = 774367)
1:12 PM: HKCR\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (7 subtraces) (ID = 774376)
1:12 PM: HKCR\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (7 subtraces) (ID = 774385)
1:12 PM: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774394)
1:12 PM: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774412)
1:12 PM: HKCR\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (7 subtraces) (ID = 774421)
1:12 PM: HKCR\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (7 subtraces) (ID = 774430)
1:12 PM: HKCR\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (7 subtraces) (ID = 774439)
1:12 PM: HKCR\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (7 subtraces) (ID = 774448)
1:12 PM: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774457)
1:12 PM: HKCR\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (7 subtraces) (ID = 774466)
1:12 PM: HKLM\software\classes\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (7 subtraces) (ID = 774490)
1:12 PM: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774499)
1:12 PM: HKLM\software\classes\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (7 subtraces) (ID = 774508)
1:12 PM: HKLM\software\classes\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (7 subtraces) (ID = 774535)
1:12 PM: HKLM\software\classes\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 subtraces) (ID = 774544)
1:12 PM: HKLM\software\classes\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (7 subtraces) (ID = 774553)
1:12 PM: HKLM\software\classes\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (7 subtraces) (ID = 774562)
1:12 PM: HKLM\software\classes\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (7 subtraces) (ID = 774571)
1:12 PM: HKLM\software\classes\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (7 subtraces) (ID = 774580)
1:12 PM: HKLM\software\classes\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (7 subtraces) (ID = 774607)
1:12 PM: HKLM\software\classes\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (7 subtraces) (ID = 774625)
1:12 PM: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774634)
1:12 PM: HKLM\software\classes\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (7 subtraces) (ID = 774643)
1:12 PM: HKLM\software\classes\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (7 subtraces) (ID = 774652)
1:12 PM: HKLM\software\classes\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (7 subtraces) (ID = 774661)
1:12 PM: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774670)
1:12 PM: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774688)
1:12 PM: HKLM\software\classes\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (7 subtraces) (ID = 774697)
1:12 PM: HKLM\software\classes\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (7 subtraces) (ID = 774706)
1:12 PM: HKLM\software\classes\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (7 subtraces) (ID = 774715)
1:12 PM: HKLM\software\classes\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (7 subtraces) (ID = 774724)
1:12 PM: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774733)
1:12 PM: HKLM\software\classes\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (7 subtraces) (ID = 774742)
1:12 PM: HKLM\software\microsoft\code store database\distribution units\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 774751)
1:12 PM: Registry Sweep Complete, Elapsed Time:00:00:15
1:12 PM: Starting Cookie Sweep
1:12 PM: Found Spy Cookie: 2o7.net cookie
1:12 PM: phyllis dunn@2o7[2].txt (ID = 1957)
1:12 PM: Found Spy Cookie: atlas dmt cookie
1:12 PM: phyllis dunn@atdmt[2].txt (ID = 2253)
1:12 PM: Found Spy Cookie: bluestreak cookie
1:12 PM: phyllis dunn@bluestreak[1].txt (ID = 2314)
1:12 PM: Found Spy Cookie: hitslink cookie
1:12 PM: phyllis
[email protected][2].txt (ID = 2790)
1:12 PM: Found Spy Cookie: go.com cookie
1:12 PM: phyllis dunn@go[1].txt (ID = 2728)
1:12 PM: Found Spy Cookie: humanclick cookie
1:12 PM: phyllis
[email protected][2].txt (ID = 2810)
1:12 PM: phyllis
[email protected][2].txt (ID = 2729)
1:12 PM: Found Spy Cookie: pricegrabber cookie
1:12 PM: phyllis dunn@pricegrabber[1].txt (ID = 3185)
1:12 PM: Found Spy Cookie: questionmarket cookie
1:12 PM: phyllis dunn@questionmarket[1].txt (ID = 3217)
1:12 PM: Found Spy Cookie: tracking cookie
1:12 PM: phyllis dunn@tracking[2].txt (ID = 3571)
1:12 PM: Found Spy Cookie: mytemplatestorage cookie
1:12 PM: phyllis
[email protected][1].txt (ID = 3050)
1:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:12 PM: Starting File Sweep
1:12 PM: Found Adware: 180search assistant/zango
1:12 PM: c:\program files\zangoclient (3 subtraces) (ID = -2147479980)
1:12 PM: c:\program files\aprps (8 subtraces) (ID = -2147481420)
1:12 PM: Found Adware: bullguard popup ad
1:12 PM: c:\documents and settings\all users\start menu\programs\bullguard (3 subtraces) (ID = -2147481289)
1:12 PM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
1:12 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
1:12 PM: c:\documents and settings\all users\start menu\programs\zango (2 subtraces) (ID = -2147479982)
1:12 PM: progress.res (ID = 62367)
1:12 PM: progress.res (ID = 62367)
1:14 PM: progress.res (ID = 62367)
1:14 PM: progress.res (ID = 62367)
1:14 PM: bullguard.lnk (ID = 52019)
1:14 PM: bullguard.lnk (ID = 52019)
1:14 PM: setup.inf (ID = 50158)
1:14 PM: silent.exe (ID = 147463)
1:14 PM: zanu_gdf.dat (ID = 93789)
1:14 PM: Found Adware: ezula ilookup
1:14 PM: button_small.gif (ID = 60415)
1:14 PM: Found Adware: surfsidekick
1:14 PM: sskknwrd.dll (ID = 77733)
1:15 PM: dbenderc.dll (ID = 62276)
1:15 PM: grinstall6.dll (ID = 75775)
1:15 PM: Found Adware: mindset interactive - favoriteman
1:15 PM: a_i_037.dll.tcf (ID = 69818)
1:16 PM: eabh.dll (ID = 60427)
1:16 PM: Found Adware: targetsaver
1:16 PM: tsuninst.exe (ID = 78276)
1:16 PM: Found Adware: ist yoursitebar
1:16 PM: a_i_037.exe.tcf (ID = 64498)
1:16 PM: search.src (ID = 111060)
1:17 PM: wingenerics.dll (ID = 50187)
1:17 PM: uzuwc.dll (ID = 78253)
1:17 PM: vocabulary (ID = 78283)
1:17 PM: class-barrel (ID = 78229)
1:17 PM: proxystub.dll (ID = 120164)
1:17 PM: wmv1215.dbd (ID = 57687)
1:17 PM: wmv2007.dbd (ID = 57693)
1:17 PM: wmv1920.dbd (ID = 57692)
1:17 PM: wmv1909.ddx (ID = 57691)
1:17 PM: wmv1125.ddx (ID = 57685)
1:17 PM: wmv1204.ddx (ID = 57683)
1:17 PM: wmv0904.ddx (ID = 57691)
1:17 PM: email-def-email-backgrounds.mnu (ID = 121844)
1:17 PM: email-premium-email-premium.mnu (ID = 121844)
1:17 PM: email-def-511724-9595.mnu (ID = 121842)
1:17 PM: wmv0204.ddx (ID = 57683)
1:17 PM: wmv0504.ddx (ID = 57683)
1:17 PM: wmv0412.ddx (ID = 57683)
1:17 PM: sskcwrd.dll (ID = 77712)
1:17 PM: wmv0106.ddx (ID = 57679)
1:17 PM: wmv0315.ddx (ID = 57683)
1:17 PM: email-def-email-backgrounds.mnu (ID = 121844)
1:17 PM: email-premium-email-premium.mnu (ID = 121844)
1:17 PM: email-def-511724-9595.mnu (ID = 121842)
1:17 PM: email-def-email-backgrounds.mnu (ID = 121844)
1:17 PM: email-def-email-backgrounds.mnu (ID = 121844)
1:17 PM: email-premium-email-premium.mnu (ID = 121844)
1:17 PM: email-def-511724-9595.mnu (ID = 121842)
1:17 PM: email-premium-email-premium.mnu (ID = 121844)
1:17 PM: email-def-511724-9595.mnu (ID = 121842)
1:17 PM: grinstall.inf (ID = 75773)
1:17 PM: param.ez (ID = 111058)
1:17 PM: legend.lgn (ID = 111056)
1:17 PM: spamblockerutility.inf (ID = 62333)
1:17 PM: progress.xip (ID = 62368)
1:17 PM: business_promo.xip (ID = 121856)
1:17 PM: progress.xip (ID = 62368)
1:17 PM: business_promo.xip (ID = 121856)
1:17 PM: clientax.inf (ID = 70515)
1:17 PM: File Sweep Complete, Elapsed Time: 00:05:18
1:17 PM: Full Sweep has completed. Elapsed time 00:08:36
1:17 PM: Traces Found: 1008
1:18 PM: Removal process initiated
1:18 PM: Quarantining All Traces: altnet
1:18 PM: Quarantining All Traces: apropos
1:18 PM: Quarantining All Traces: elitebar
1:18 PM: Quarantining All Traces: hotbar
1:18 PM: Quarantining All Traces: search fast communicator toolbar
1:18 PM: Quarantining All Traces: searchforit
1:18 PM: Quarantining All Traces: topsearch
1:19 PM: Quarantining All Traces: visual log
1:19 PM: Quarantining All Traces: delfin
1:19 PM: Quarantining All Traces: shopathomeselect
1:19 PM: Quarantining All Traces: 2o7.net cookie
1:19 PM: Quarantining All Traces: atlas dmt cookie
1:19 PM: Quarantining All Traces: bluestreak cookie
1:19 PM: Quarantining All Traces: hitslink cookie
1:19 PM: Quarantining All Traces: go.com cookie
1:19 PM: Quarantining All Traces: humanclick cookie
1:19 PM: Quarantining All Traces: pricegrabber cookie
1:19 PM: Quarantining All Traces: questionmarket cookie
1:19 PM: Quarantining All Traces: tracking cookie
1:19 PM: Quarantining All Traces: mytemplatestorage cookie
1:19 PM: Quarantining All Traces: 180search assistant/zango
1:19 PM: Quarantining All Traces: bullguard popup ad
1:19 PM: Quarantining All Traces: ezula ilookup
1:19 PM: Quarantining All Traces: surfsidekick
1:19 PM: Quarantining All Traces: mindset interactive - favoriteman
1:19 PM: Quarantining All Traces: targetsaver
1:19 PM: Quarantining All Traces: ist yoursitebar
1:19 PM: Removal process completed. Elapsed time 00:01:33
********
Logfile of HijackThis v1.99.1
Scan saved at 1:31:33 PM, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CENTAL~3\Cntld1.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Wireless Sync\Client\ClientShell.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\CENTAL~4\centaleim.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Phyllis Dunn\Desktop\Spyware removal Tools\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.1stsearchportal.com/sp2.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my.msn.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...ilion&pf=laptopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.my.msn.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.h...ilion&pf=laptopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CentaleD1] C:\PROGRA~1\CENTAL~3\Cntld1.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Centale IM.lnk = C:\Program Files\Centale IM\UNWISE.EXE
O4 - Startup: Check for updates.lnk = C:\Program Files\Centale IM\UNWISE.EXE
O4 - Startup: MOD Updates.lnk = C:\Program Files\MusicOnDemand\update.EXE
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) -
http://a248.g.akamai...g2/download.cabO16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} -
http://sp.ask.com/do...teomab-inst.cabO16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) -
http://racing.youbet...s/ybrequest.cabO16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) -
http://software.news...k1/isetupml.cabO16 - DPF: {9E72D9D4-4DC3-429C-A4D5-EFF3AC5CC606} (InstallerAX Class) -
http://chevy.a.conte...installerAX.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://freetrial.we...bex/ieatgpc.cabO16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
http://download.spys...rCabInstall.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CD3B6305-5C82-4D9C-90B5-4E5F4F53B8B1}: NameServer = 65.169.169.5,204.117.214.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Photoshop CS\service\VersionCue.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
Hopefully this will cure it, but I'm not going to hold my breath on it. THanks for helping me, I appreciate it very much . Please let me know if there is anything else that looks bad in here.
Matt