1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

malware removal/popup/iexplore removal

Discussion in 'Virus & Other Malware Removal' started by ginny1029, Aug 1, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Hello!
    In reading more of these threads I can see Im not the only one with the iexplore issue.
    Glad to know it can be corrected!!!!

    I have multiple pop-ups and my computer is as slow as dirt.
    When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
    Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
    Can MFDnNC or anyone else help?
    Thanks!!!!
    Ginny
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Posting the old log would be a start
     
  3. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 8:01:06 PM, on 7/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\TEMP\winAD.tmp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe
    C:\Documents and Settings\Ginny\My Documents\?ymantec\w?auboot.exe
    C:\Program Files\SpywareBot\SpywareBot.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\WINDOWS\LMIDC.tmp\rescue.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\LMIDC.tmp\rescue.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Ginny\Local Settings\Temporary Internet Files\Content.IE5\WPIVOHAJ\HijackThis[1].exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {133D17DD-D41B-849E-1212-F88DB926D29F} - C:\WINDOWS\system32\awqmt.dll
    O2 - BHO: (no name) - {156D49D8-D21C-819B-4912-F88DB926D49E} - C:\WINDOWS\system32\awzfhytc.dll (file missing)
    O2 - BHO: msdn_lib.msdn_hlp - {19D3A5DB-A5A3-4F95-9713-833AE4B950A4} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {2434C584-B362-4761-80CC-5FBB13840F51} - C:\Program Files\Windows NT\menoxufap4.dll
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9E0CE829-4914-4CC3-86F7-6B6EEC00DB7D} - C:\WINDOWS\system32\ddayy.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\wucysavu.dll
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {DA82E92C-6CB7-45AA-A09B-18B0C8CE8FC4} - C:\Program Files\Windows NT\menoxufap83122.dll
    O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\opnmnlj.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [cggxzicA] C:\WINDOWS\cggxzicA.exe
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winAD.tmp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ijsptyee.dll",forkonce
    O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{F308F788-0EBE-43C9-87B5-0B2027949477}.exe" /S
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe" -vt yazb
    O4 - HKCU\..\Run: [Wqzian] "C:\Documents and Settings\Ginny\My Documents\?ymantec\w?auboot.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKCU\..\RunOnce: [*LogMeInRescue_1609595809] "C:\WINDOWS\LMIDC.tmp\rescue.exe" -runonce reboot
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Big Kahuna Reef 2\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Big Kahuna Reef 2\Images\armhelper.ocx
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: opnmnlj - C:\WINDOWS\SYSTEM32\opnmnlj.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Oh MY! - We have a lot to do

    Please do ALL of this before posting the logs and one final hijack log
    ===============
    Sorry - HiJackThis is runing from a temp directory and must be moved to run correctly

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    ====================
    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/


    =================
    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    ======================

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while its running. That may cause it to stall

    ==========================

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  5. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Yes in trying to get this fixed I purchased a program that was suppose to take care of this but didnt. I contacted the company as I had paid for live chat and thru that a "tech guy" took over my computer and did quite a few things I didnt understand, one of which was delete several programs. Im not sure if that was one of them but I had been told that I did have a firewall, antivirus and popup blockers. I now have figured out I should take others words for things and I should learn how to check for those things myself!!!!!!
    Thanks for your help and patience!!!!
    I will do all the above as soon as I get home!!!!
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    What did you buy - Get in touch with them and demand your money back as they have not a clue. Some of what is wrong is well known and how to get rid of it is well known.
     
  7. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    ok im trying to post the three logs and im getting this error message

    The text that you have entered is too long (32635 characters). Please shorten it to 30000 characters long.
    this is the superantispyware scan log
    i will try the other two
     
  8. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    ComboFix 07-07-30.2 - "Ginny" 2007-08-01 15:55:24.1 [GMT -7:00] - NTFS
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
    * Created a new restore point


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\cbxwxyw.dll
    C:\WINDOWS\system32\cdfhxqyg.dll
    C:\WINDOWS\system32\cueqfkmb.dll
    C:\WINDOWS\system32\evqsnbgq.dll
    C:\WINDOWS\system32\ffqimphe.dll
    C:\WINDOWS\system32\fwutlari.dll
    C:\WINDOWS\system32\gwyrybun.dll
    C:\WINDOWS\system32\jkkjhhg.dll
    C:\WINDOWS\system32\khfdcyy.dll
    C:\WINDOWS\system32\lucmwmaa.dll
    C:\WINDOWS\system32\opnlmjk.dll
    C:\WINDOWS\system32\oxelmxpg.dll
    C:\WINDOWS\system32\ssqollm.dll
    C:\WINDOWS\system32\wkpjumoh.dll
    C:\WINDOWS\system32\wsbvmyhe.dll
    C:\WINDOWS\system32\wucysavu.dll
    C:\WINDOWS\system32\xhtytcfh.dll
    C:\WINDOWS\system32\xhtytcfh.dll
    C:\WINDOWS\system32\bmkfqeuc.ini
    C:\WINDOWS\system32\ehymvbsw.ini2
    C:\WINDOWS\system32\ehymvbsw.tmp
    C:\WINDOWS\system32\yyadd.bak1
    C:\WINDOWS\system32\yyadd.bak2
    C:\WINDOWS\system32\yyadd.ini
    C:\WINDOWS\system32\yyadd.ini2
    C:\WINDOWS\system32\yyadd.tmp
    C:\WINDOWS\system32\ehymvbsw.ini2
    C:\WINDOWS\system32\ehymvbsw.tmp
    C:\WINDOWS\system32\yyadd.bak1
    C:\WINDOWS\system32\yyadd.bak2
    C:\WINDOWS\system32\yyadd.ini
    C:\WINDOWS\system32\yyadd.ini2
    C:\WINDOWS\system32\yyadd.tmp


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Ginny\APPLIC~1.\.rdr.ini
    C:\DOCUME~1\Ginny\APPLIC~1.\macromedia\Flash Player\#SharedObjects\D5HK977S\www.broadcaster.com
    C:\DOCUME~1\Ginny\APPLIC~1.\macromedia\Flash Player\#SharedObjects\D5HK977S\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\Ginny\APPLIC~1.\macromedia\Flash Player\#SharedObjects\D5HK977S\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\Ginny\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\Ginny\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\DOCUME~1\Ginny\APPLIC~1.\ssembl~1
    C:\DOCUME~1\Ginny\APPLIC~1.\winantispyware 2007 free
    C:\DOCUME~1\Ginny\APPLIC~1.\winantispyware 2007 free\description.txt
    C:\DOCUME~1\Ginny\APPLIC~1.\winantispyware 2007 free\DownloadUWAS7.url
    C:\DOCUME~1\Ginny\APPLIC~1\install.dat
    C:\DOCUME~1\Ginny\MYDOCU~1.\ymante~1
    C:\DOCUME~1\Ginny\MYDOCU~1.\ymante~1\w?auboot.exe
    C:\Documents and Settings\Ginny.\err.log
    C:\Program Files\appatc~1
    C:\Program Files\Common Files\dobe~1
    C:\Program Files\Common Files\rtejeg.html
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\Program Files\Windows NT\menoxufap4.dll
    C:\Program Files\Windows NT\menoxufap83122.dll
    C:\WINDOWS\180ax.exe
    C:\WINDOWS\2020search.dll
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\b104.exe
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\rau001978.exe
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\salm.exe
    C:\WINDOWS\satmat.exe
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\system32\awqmt.dll
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\b06FdUe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\gtv_sd.bin
    C:\WINDOWS\system32\L1
    C:\WINDOWS\system32\L1\mwspasrt83122.exe
    C:\WINDOWS\system32\L11
    C:\WINDOWS\system32\L3
    C:\WINDOWS\system32\L5
    C:\WINDOWS\system32\L7
    C:\WINDOWS\system32\mrdsregl.exe
    C:\WINDOWS\system32\msixu.dll
    C:\WINDOWS\system32\sl.bin
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wer8274.dll
    C:\WINDOWS\system32\win
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\wnscpcc.exe
    C:\WINDOWS\temp\salm.exe
    C:\WINDOWS\TISKY009.exe
    C:\WINDOWS\uninst2.htm
    C:\WINDOWS\unist1.htm
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\wml.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_FOPN
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\Net Agent


    ((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


    2007-08-01 15:52 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-01 14:12 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-01 14:05 125,504 --a------ C:\WINDOWS\system32\jjxhnqtj.dll
    2007-07-31 21:10 <DIR> d-------- C:\DOCUME~1\dayne\APPLIC~1\Yahoo!
    2007-07-31 17:40 125,504 --a------ C:\WINDOWS\system32\gcfopggp.dll
    2007-07-31 17:14 125,504 --a------ C:\WINDOWS\system32\fxukjcxl.dll
    2007-07-31 16:51 <DIR> d-------- C:\DOCUME~1\dayne\APPLIC~1\SpywareBot
    2007-07-31 16:51 <DIR> d-------- C:\DOCUME~1\dayne\APPLIC~1\GTek
    2007-07-31 16:50 696,320 --a------ C:\DOCUME~1\dayne\NTUSER.DAT
    2007-07-31 16:50 <DIR> d-------- C:\DOCUME~1\dayne\APPLIC~1\Google
    2007-07-31 16:11 125,504 --a------ C:\WINDOWS\system32\erkjlcwm.dll
    2007-07-31 16:06 <DIR> d-------- C:\Program Files\RegCure
    2007-07-30 22:59 125,504 --a------ C:\WINDOWS\system32\lghsjsoi.dll
    2007-07-30 19:48 400,997 --a------ C:\Temp\bY001.exe
    2007-07-30 19:29 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-07-30 18:42 <DIR> d-------- C:\WINDOWS\LMIDC.tmp
    2007-07-27 19:54 126,016 --a------ C:\WINDOWS\system32\plyoumdr.dll
    2007-07-27 13:57 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-07-27 13:57 11,264 --a------ C:\WINDOWS\vxddsk.exe
    2007-07-24 18:21 <DIR> d-------- C:\DOCUME~1\Ginny\APPLIC~1\SpywareBot
    2007-07-24 18:20 18,672 --a------ C:\WINDOWS\system32\drivers\antispyfilter.sys
    2007-07-24 18:20 <DIR> d-------- C:\Program Files\SpywareBot
    2007-07-22 09:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-22 09:46 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-21 16:52 192,606 --a------ C:\WINDOWS\system32\kwinsndt.exe
    2007-07-21 16:51 <DIR> d-------- C:\Temp\brr
    2007-07-21 16:51 <DIR> d-------- C:\Temp\0c2
    2007-07-21 16:51 <DIR> d-------- C:\Temp
    2007-07-21 16:21 <DIR> d-------- C:\Program Files\ISM
    2007-07-18 16:07 <DIR> d-------- C:\Program Files\Big Kahuna Reef 2
    2007-07-18 16:07 <DIR> d-------- C:\DOCUME~1\Ginny\APPLIC~1\SpinTop
    2007-07-13 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-07-13 17:41 107,688 --a------ C:\WINDOWS\TrueInstall.exe
    2007-07-13 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-07-13 17:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-07-10 22:41 <DIR> d-------- C:\DOCUME~1\Ginny\Contacts
    2007-07-10 22:40 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-01 16:00 --------- d-------- C:\Program Files\Windows NT
    2007-07-30 21:39 --------- d-------- C:\DOCUME~1\Ginny\APPLIC~1\Move Networks
    2007-07-27 13:57 801 --a------ C:\WINDOWS\system32\drivers\system_stable_header_small.gif
    2007-07-27 13:57 6533 --a------ C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
    2007-07-27 13:57 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small.gif
    2007-07-27 13:57 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
    2007-07-27 13:57 291 --a------ C:\WINDOWS\system32\drivers\v.gif
    2007-07-27 13:57 283 --a------ C:\WINDOWS\system32\drivers\x.gif
    2007-07-27 13:57 1636 --a------ C:\WINDOWS\system32\drivers\system_stable_header.gif
    2007-07-27 13:57 15075 --a------ C:\WINDOWS\system32\drivers\system_stable_box.jpg
    2007-07-27 13:56 945 --a------ C:\WINDOWS\system32\drivers\s_detect.htm
    2007-07-27 13:56 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
    2007-07-27 13:56 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
    2007-07-27 13:56 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
    2007-07-27 13:56 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
    2007-07-27 13:56 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif
    2007-07-27 13:56 64 --a------ C:\WINDOWS\system32\drivers\close_icon.gif
    2007-07-27 13:56 6373 --a------ C:\WINDOWS\system32\drivers\secuity_center_logo.gif
    2007-07-27 13:56 580 --a------ C:\WINDOWS\system32\drivers\features.gif
    2007-07-27 13:56 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
    2007-07-27 13:56 50169 --a------ C:\WINDOWS\system32\drivers\pt.htm
    2007-07-27 13:56 4825 --a------ C:\WINDOWS\system32\drivers\detect.htm
    2007-07-27 13:56 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
    2007-07-27 13:56 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
    2007-07-27 13:56 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
    2007-07-27 13:56 360 --a------ C:\WINDOWS\system32\drivers\header_bg.gif
    2007-07-27 13:56 3099 --a------ C:\WINDOWS\system32\drivers\logo.gif
    2007-07-27 13:56 2186 --a------ C:\WINDOWS\system32\drivers\alert_icon.gif
    2007-07-27 13:56 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
    2007-07-27 13:56 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
    2007-07-27 13:56 13618 --a------ C:\WINDOWS\system32\drivers\spy_away_box.jpg
    2007-07-27 13:56 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
    2007-07-27 13:56 10260 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    2007-07-27 13:56 1014 --a------ C:\WINDOWS\system32\drivers\icon_warning.gif
    2007-07-24 18:36 --------- d-------- C:\Program Files\Free Offers from Freeze.com
    2007-07-23 15:57 --------- d-------- C:\Program Files\Google
    2007-07-22 20:34 --------- d-------- C:\DOCUME~1\Ginny\APPLIC~1\Google
    2007-07-14 15:36 --------- d-------- C:\DOCUME~1\Ginny\APPLIC~1\Yahoo!
    2007-07-13 18:21 --------- d-------- C:\Program Files\TruePoker
    2007-07-13 18:04 --------- d-------- C:\Program Files\MySpace
    2007-07-13 17:57 --------- d-------- C:\Program Files\Yahoo!
    2007-07-13 17:46 --------- d-------- C:\Program Files\Common Files\AOL
    2007-07-13 17:40 --------- d-------- C:\Program Files\Verizon Online
    2007-07-13 17:35 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-13 17:30 --------- d-------- C:\Program Files\Dell
    2007-07-13 17:28 --------- d-------- C:\Program Files\Common Files\Corel
    2007-07-13 17:27 --------- d-------- C:\Program Files\Common Files\Oberon Media
    2007-06-25 06:53 53248 --a------ C:\WINDOWS\uninst1014.exe
    2007-06-03 18:28 --------- d-------- C:\Program Files\HP
    2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 19:07 98958 --a------ C:\WINDOWS\hpiins02.dat
    2007-04-18 21:20 48112 --a------ C:\DOCUME~1\Ginny\APPLIC~1\GDIPFONTCACHEV1.DAT
    2006-08-05 19:23:10 104 --sh--r C:\WINDOWS\system32\CF4CCD37CE.sys
    2006-08-05 19:23:12 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000026-8735-428D-B81F-DD098223B25F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{156D49D8-D21C-819B-4912-F88DB926D49E}]
    C:\WINDOWS\system32\awzfhytc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19D3A5DB-A5A3-4F95-9713-833AE4B950A4}]
    C:\WINDOWS\system32\msdn_lib.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}]
    C:\WINDOWS\system32\ddayy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-02 23:10]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-01 14:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" [2007-07-23 07:42]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "Sen"="C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe" []
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Common Files\rtejeg.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayy]
    C:\WINDOWS\system32\ddayy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnlj]
    opnmnlj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
    winzzc32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ginny^Start Menu^Programs^Startup^DING!.lnk]
    path=C:\Documents and Settings\Ginny\Start Menu\Programs\Startup\DING!.lnk
    backup=C:\WINDOWS\pss\DING!.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    C:\WINDOWS\TEMP\win55.tmp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cggxzicA]
    C:\WINDOWS\cggxzicA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
    C:\WINDOWS\g4356cbvy63

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
    "C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe" -vt yazb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
    mgrs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
    C:\Program Files\SpywareBot\SpywareBot.exe -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
    C:\WINDOWS\system32\kernelwind32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
    rundll32.exe "C:\WINDOWS\system32\lghsjsoi.dll",forkonce

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
    C:\Windows\xpupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wqzian]
    "C:\Documents and Settings\Ginny\My Documents\?ymantec\w?auboot.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DRIVERS\antispyfilter.sys
    R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
    R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    R2 SpywareBotSrv;SpywareBot Scanning Engine;"C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe"
    R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
    R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
    R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
    S3 ApiMon;ApiMon;\??\C:\WINDOWS\system32\drivers\ApiMon.sys
    S3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Ginny\LOCALS~1\Temp\tniFC.tmp
    S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}]
    C:\WINDOWS\system32\tmrsrv32.exe

    Contents of the 'Scheduled Tasks' folder
    2007-08-01 23:02:29 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
    2007-07-31 23:06:37 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
    2007-08-01 23:02:53 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-01 16:02:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000190

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-01 16:04:50 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-01 16:04

    --- E O F ---
     
  9. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:38:16 PM, on 8/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SpywareBot\SpywareBot.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {156D49D8-D21C-819B-4912-F88DB926D49E} - C:\WINDOWS\system32\awzfhytc.dll (file missing)
    O2 - BHO: msdn_lib.msdn_hlp - {19D3A5DB-A5A3-4F95-9713-833AE4B950A4} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe" -vt yazb
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Big Kahuna Reef 2\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Big Kahuna Reef 2\Images\armhelper.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll (file missing)
    O20 - Winlogon Notify: opnmnlj - opnmnlj.dll (file missing)
    O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rtejeg.html

    --
    End of file - 7772 bytes
     
  10. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/01/2007 at 05:26 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3277
    Trace Rules Database Version: 1288

    Scan type : Complete Scan
    Total Scan Time : 01:13:50

    Memory items scanned : 325
    Memory threats detected : 1
    Registry items scanned : 5904
    Registry threats detected : 47
    File items scanned : 60967
    File threats detected : 391

    Unclassified.SpywareBot (Not A Threat)
    C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
    C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
    [SpywareBot] C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
    HKU\S-1-5-21-546359030-3413894923-3298345001-1006\Software\SpywareBot
    C:\Program Files\SpywareBot\Databases\spy.ref
    C:\Program Files\SpywareBot\Databases
    C:\Program Files\SpywareBot\FilterDrv\antispyfilter.amd64.sys
    C:\Program Files\SpywareBot\FilterDrv\antispyfilter.cat
    C:\Program Files\SpywareBot\FilterDrv\antispyfilter.inf
    C:\Program Files\SpywareBot\FilterDrv\antispyfilter.x86.sys
    C:\Program Files\SpywareBot\FilterDrv
    C:\Program Files\SpywareBot\Launcher.exe
    C:\Program Files\SpywareBot\Log\2007 Aug 01 - 02_00_57 PM.log
    C:\Program Files\SpywareBot\Log\2007 Aug 01 - 02_39_57 PM.log
    C:\Program Files\SpywareBot\Log\2007 Aug 01 - 03_48_19 PM.log
    C:\Program Files\SpywareBot\Log\2007 Aug 01 - 04_02_58 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 24 - 06_21_19 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 24 - 06_46_50 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 26 - 01_29_39 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 26 - 03_00_09 AM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 27 - 01_55_18 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 27 - 07_48_58 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 28 - 04_47_15 AM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 28 - 04_58_05 AM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 05_52_06 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 06_07_07 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 07_48_52 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 08_22_23 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 08_50_34 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 09_24_25 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 09_27_22 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 09_50_08 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 10_15_42 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 30 - 10_52_51 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 03_55_51 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 04_47_16 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 04_52_02 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 04_57_18 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 05_00_26 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 05_08_10 PM.log
    C:\Program Files\SpywareBot\Log\2007 Jul 31 - 09_08_27 PM.log
    C:\Program Files\SpywareBot\Log
    C:\Program Files\SpywareBot\Microsoft.VC80.ATL\atl80.dll
    C:\Program Files\SpywareBot\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest
    C:\Program Files\SpywareBot\Microsoft.VC80.ATL
    C:\Program Files\SpywareBot\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    C:\Program Files\SpywareBot\Microsoft.VC80.CRT\msvcm80.dll
    C:\Program Files\SpywareBot\Microsoft.VC80.CRT\msvcp80.dll
    C:\Program Files\SpywareBot\Microsoft.VC80.CRT\msvcr80.dll
    C:\Program Files\SpywareBot\Microsoft.VC80.CRT
    C:\Program Files\SpywareBot\SpyCleaner.plg.dll
    C:\Program Files\SpywareBot\SpywareBot.url
    C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
    C:\Program Files\SpywareBot\vistaCPtasks.xml
    C:\Program Files\SpywareBot
    C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot
    C:\WINDOWS\Prefetch\LAUNCHER.EXE-199899CD.pf
    C:\WINDOWS\Prefetch\SPYWAREBOT.EXE-28EB75DE.pf
    C:\WINDOWS\Prefetch\SPYWAREBOTSRV.SRV.EXE-0CCDCC99.pf
     
  11. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}
    HKCR\CLSID\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}
    HKCR\CLSID\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}\InprocServer32
    HKCR\CLSID\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\DDAYY.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC9E5397-5F85-42AB-B9D1-33B5B4D87364}

    sPeerObj Class BHO
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000026-8735-428D-B81F-DD098223B25F}

    Adware.2020Search
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}

    Adware.404Search
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

    Adware.180solutions/SurfAssistant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}

    Adware.Second Thought
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}

    Trojan.PBar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

    Adware.Mirar/NetNucleus
    HKU\S-1-5-21-546359030-3413894923-3298345001-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\WINATS.DLL
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]
    C:\WINDOWS\Downloaded Program Files\WinATS.inf
    C:\DOCUMENTS AND SETTINGS\GINNY\APPLICATION DATA\SPYWAREBOT\QUARANTINE\27-07-2007-13-56-31\76.QIT
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0054494.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][6].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][3].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][3].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][8].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][5].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][4].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][8].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][1].txt
    C:\Documents and Settings\dayne\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][3].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][4].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][5].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][6].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][7].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][3].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][4].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][5].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][7].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][3].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][4].txt
    C:\Documents and Settings\Ginny\Cookies\[email protected][5].txt
    C:\Documents and Settings\LocalService\Cookies\local [email protected][1].txt
    C:\Documents and Settings\LocalService\Cookies\local [email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][2].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\network [email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
     
  12. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    Trojan.WinBo32/Enhance
    HKU\.DEFAULT\Software\System\sysuid
    HKU\S-1-5-20\Software\System\sysuid
    HKU\S-1-5-18\Software\System\sysuid

    Trojan.Downloader-PFE
    HKLM\Software\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}
    HKLM\Software\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}#StubPath

    Adware.Search2Find
    C:\DOCUMENTS AND SETTINGS\GINNY\DESKTOP\FIND SPYWARE REMOVER.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0073793.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0073795.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0073797.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0074792.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0074797.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0074799.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0074801.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0077816.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0077819.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0081788.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0081793.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0081794.LNK

    Trojan.TagASaurus
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\DESKTOP\SEARCHUS.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\DESKTOP\SEARCHUS.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0062790.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0062791.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0063787.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0063788.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0064785.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0064786.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0065786.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0065787.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0066859.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0066860.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0070793.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0070794.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0070795.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0075788.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0075789.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0076787.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0076788.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0077785.EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\SEARCHUS.EXE

    Trojan.Downloader-StdRun/Gen
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN10.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN11.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN12.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN14.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN18.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN19.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN25.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN26.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN3.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN31.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN32.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN37.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN42.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN43.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN48.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN49.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN5.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN54.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN55.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN60.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN62.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN10.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN18.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN2.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN24.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN25.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN26.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN32.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN33.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN38.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN39.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN44.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN45.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN47.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN5.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN55.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN56.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN57.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN59.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN6.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN68.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN69.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN7.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN70.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN71.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN73.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN74.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN8.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN9.EXE

    Adware.AdSponsor/ISM
    C:\PROGRAM FILES\ISM\BNDDRIVE.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0057696.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0057697.EXE

    Adware.ClickSpring
    C:\QooBox\Quarantine\C\DOCUME~1\Ginny\MYDOCU~1\YMANTE~1\WAUBOO~1.VIR

    Adware.k8l
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\RTEJEG.HTML.VIR

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINDOWS NT\MENOXUFAP4.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINDOWS NT\MENOXUFAP83122.DLL.VIR

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSCPCC.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0054669.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP547\A0057722.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080810.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080811.EXE

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR

    Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AWQMT.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0054666.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080814.DLL

    Adware.Vundo Variant
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CBXWXYW.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KHFDCYY.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OPNLMJK.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080842.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080850.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080852.DLL

    Adware.ZenoSearch
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MRDSREGL.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TISKY009.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP548\A0057801.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080813.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080841.EXE

    Unclassified.Unknown Origin/System
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR

    Trojan.Downloader-Stera/WinSoftware
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0054445.EXE

    Adware.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP545\A0054562.CFG
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0057694.CFG

    Trojan.ZQuest
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080815.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080816.DLL

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080849.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0080854.DLL

    Torjan.SecondThoughtInstaller
    C:\WINDOWS\INSTALLER\ID53.EXE

    Trojan.ZenoSearch
    C:\WINDOWS\SYSTEM32\KWINSNDT.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\test[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\_affvm[1]
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\top1_menu[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\CA3ISJRP.htm
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\checksoft[1].js
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\button2[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\top1[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\index[1].htm
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\logo[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\ico2[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\_jnvm[1]
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\CA2RWP4T.js
     
  13. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\ico1[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\top_pic2[1].gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\CA18BYJN.gif
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\wav_banner[1].swf
    C:\Documents and Settings\dayne\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\favicon[1].ico
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\32647543ygwvrhbjt3h4evjrbgnrt[2].htm
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\32647543ygwvrhbjt3h4evjrbgnrt[1].htm
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\32647543ygwvrhbjt3h4evjrbgnrt[3].htm
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\32647543ygwvrhbjt3h4evjrbgnrt[3].htm
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3VMYURU6\32647543ygwvrhbjt3h4evjrbgnrt[1].htm
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TUAL1A75\32647543ygwvrhbjt3h4evjrbgnrt[2].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0T2V0P6R\ack[1].htm
     
  14. ginny1029

    ginny1029 Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    16
    please let me know what else you would like me to do
    and again THANK YOU!!!
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis &#8211; mark them, close IE, click fix checked

    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

    O2 - BHO: (no name) - {156D49D8-D21C-819B-4912-F88DB926D49E} - C:\WINDOWS\system32\awzfhytc.dll (file missing)

    O2 - BHO: msdn_lib.msdn_hlp - {19D3A5DB-A5A3-4F95-9713-833AE4B950A4} - C:\WINDOWS\system32\msdn_lib.dll (file missing)

    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe &#8211;boot

    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Ginny\APPLIC~1\SSEMBL~1\notepad.exe" -vt yazb

    O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll (file missing)

    O20 - Winlogon Notify: opnmnlj - opnmnlj.dll (file missing)

    O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

    O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe

    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rtejeg.html
    =======
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    SpywareBot Scanning Engine

    Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

    =========
    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\SpywareBot
    C:\Program Files\Common Files\rtejeg.html

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START &#8211; RUN &#8211; type in %temp% - OK - Edit &#8211; Select all &#8211; File &#8211; Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn&#8217;t work and the current status of your system
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/603673

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice