[B]HIT BY: SUPERBAR, ADROTATOR, BROADJUMP, INTERNET OPTIMIZER, CLICKBANK, WINDOWS ERR

Hi Again,
I've been hit so many times, it makes me feel like giving up. I have HiJack This, Spybot S&D, AdaWare 6 and Adawatch, CW Sredder, Spysweeper, Spyblaster, and on and on...Yet these things seem to keep getting through.
I have done most of this stuff so many times, I feel I am getting fairly efficient at it, however, it seems that all I do is battle Spyware anymore on the computer. I feel the days of surfing the Internet are coming to a close as it is just becoming to much hastle for everyone. I wish something could be done about it. Anyway I have a HighJack this Log to post to see if you can tell me I'm clean. Plus there are a few strange things I see on Task Manager in processes, I hope you can advise me on. I have read your forums as well as others and have cleaned up my registry. My biggest problem has been the Windows Error Service. It just seems to keep coming back over and over. Right now, it appears quiet, but I feel as soon as I re-boot, it will be back again. There must be something that is deeply hidden in the Root Directory or one of the HKey registries. I hope you can help me find it. When I have done all the scans and deletes, I have unplugged from the Internet, Ran in Safe Mode and my System Restore is still disabled until I am sure these problems are gone. So, I hope I have done the processes right.
Before I post the log, There are some things I want to know about in the Task Manager that appear odd. Now the only things I have open are in the task bars, they are my spyware protectors and Nortons AV, your forum and windows task manager. I have seven IExplorers listed in the processes, but when I look at Applications, there is only one thing showing and that is this forum. Is this right? Or is something running and not showing up? I also have 2 things in there called arpa.exe. Are they supposed to be there? I can find no place to delete it. I have two cleaner.exe in there as well. What are these? I also have two usrmlnka.exe files, I don't recognize these either. I have went through the registry and deleted anything that resembles any of the spywares I have mentioned. However, I did not delete anything with numbers as I didn't know what they represent. So I have left them alone. The SuperBar and Adrotator, I have deleted in HighJack this but they keep coming back. I hope I have killed them once and for all this time. We'll see.
Here is My Hijack this log. Tell me if there is anything else you need. I do appreciate this forum and you folks that help us Dummies out. Logfile of HijackThis v1.97.7Scan saved at 8:28:23 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\WINDOWS\system32\arpa.exe
C:\WINDOWS\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\arpa.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\cleaner.exe
C:\WINDOWS\cleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Hijack This Zipped\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oklahomacity.cox.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinPatrol PLUS] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
O4 - HKLM\..\RunServices: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IncrediBar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083478691343
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38147.7367476852
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab

Again Thanks for any help or advise.
Sincerely,
Allen Williams
Enid, Oklahoma

 

Well it's been since June 28th and before that I have battled this thing. I have not got a response from anyone. Guess, this one is too big for anyone to take on. Guess I will have to try somewhere else. Thanks Anyway. I will check back to see if anyone feels up to the challenge though, from time to time.
Sincerely,
Allen