1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pop Up On Internet Explorer

Discussion in 'Virus & Other Malware Removal' started by php08penn, Jul 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. php08penn

    php08penn Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    5
    HI! I'm a new member. For couple days, I receive many pop up from difference site such as WinAntivirus pop up, AMEANE pop up ... on internet explorer. I try many difference way to stop it but it couldn't work. I did run adware 2007 and antivirus. Helps!
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Welcome to TSG

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. php08penn

    php08penn Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    5
    After I download HJTInstall.exe and install to my desktop, I run it. Here is my log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:24:53 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\FNTS~1\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:6198
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = clinic.mcafee.com;bin.mcafee.com;download.mcafee.com;<local>
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135242701\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AHNUBHRX] C:\WINDOWS\AHNUBHRX.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [wfmlibal.exe] C:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mucxvsmw.dll",forkonce
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\FNTS~1\taskmgr.exe" -vt yazb
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\mimi\Desktop\New Folder\LimeWire\LimeWire.exe
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1179970730438
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while its running. That may cause it to stall
    ===============
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  5. php08penn

    php08penn Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    5
    Here my log file for SUPERAntiSpyware:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/15/2007 at 06:24 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 02:00:47

    Memory items scanned : 549
    Memory threats detected : 0
    Registry items scanned : 7419
    Registry threats detected : 1
    File items scanned : 71894
    File threats detected : 112

    Adware.MyWay
    HKU\S-1-5-21-1445276385-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

    Adware.Tracking Cookie
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][4].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][4].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][4].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][3].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\m[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][1].txt
    C:\Documents and Settings\mimi\Cookies\[email protected][2].txt

    Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\mimi\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\mimi\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\mimi\Start Menu\Programs\Outerinfo

    Adware.ClickSpring/Yazzle
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINADMIN.EXE
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE
    C:\WINDOWS\PREFETCH\YAZZLE1162OINADMIN.EXE-2F553437.PF

    Adware.ClickSpring
    C:\QOOBOX\QUARANTINE\C\WINDOWS\FNTS~1\TASKMGR.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP362\A0336694.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345614.EXE

    Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JLTTH.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JWNOP.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345596.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345611.DLL

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSINTICOMSV.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345592.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345610.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345615.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP368\A0345622.DLL

    Adware.eXactAdvertising-Installer
    C:\WINDOWS\EXTRACT.EXE
    C:\WINDOWS\MSBBI.EXE
     
  6. php08penn

    php08penn Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    5
    Here my log file for ComboFix:

    "mimi" - 2007-07-15 15:07:45 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\geedecy.dll
    C:\WINDOWS\system32\mucxvsmw.dll
    C:\WINDOWS\system32\nqejfsqm.dll
    C:\WINDOWS\system32\qomjghe.dll
    C:\WINDOWS\system32\geedecy.dll
    C:\WINDOWS\system32\qomjghe.dll
    C:\WINDOWS\system32\winrkp32.dll
    C:\WINDOWS\SYSTEM32\bbeeg.bak1
    C:\WINDOWS\SYSTEM32\bbeeg.bak2
    C:\WINDOWS\SYSTEM32\bbeeg.ini
    C:\WINDOWS\SYSTEM32\bbeeg.tmp
    C:\WINDOWS\SYSTEM32\wmsvxcum.ini
    C:\WINDOWS\system32\geebb.dll
    C:\WINDOWS\system32\ssqqpnm.dll
    C:\WINDOWS\system32\ssqqpnm.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\WINDOWS\fnts~1
    C:\WINDOWS\fnts~1\taskmgr.exe
    C:\WINDOWS\system32\jltth.dll
    C:\WINDOWS\system32\jwnop.dll
    C:\WINDOWS\system32\wnsinticomsv.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))


    2007-07-15 15:11 40,183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    2007-07-15 15:06 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-15 12:51 <DIR> d----c--- C:\Hijackthis
    2007-07-15 12:39 66,624 --a------ C:\WINDOWS\SYSTEM32\ibfgyhrg.dll
    2007-07-15 12:36 66,112 --a------ C:\WINDOWS\SYSTEM32\amslrmup.exe
    2007-07-14 14:05 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-14 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-14 12:42 66,624 --a------ C:\WINDOWS\SYSTEM32\yterbman.dll
    2007-07-14 12:36 66,112 --a------ C:\WINDOWS\SYSTEM32\rdcodtak.exe
    2007-07-13 11:46 66,624 --a------ C:\WINDOWS\SYSTEM32\grooeqac.dll
    2007-07-08 16:35 7,882 --a------ C:\WINDOWS\SYSTEM32\GTKCMOS.sys
    2007-07-08 16:35 7,626 --a------ C:\WINDOWS\SYSTEM32\GPCIEnum.sys
    2007-07-08 16:35 7,168 --a------ C:\WINDOWS\SYSTEM32\DLPT64.sys
    2007-07-08 16:35 6,656 --a------ C:\WINDOWS\SYSTEM32\DLPT2.sys
    2007-07-08 16:35 5,632 --a------ C:\WINDOWS\SYSTEM32\GPCIEn64.sys
    2007-07-08 16:35 5,120 --a------ C:\WINDOWS\SYSTEM32\GTKCMO64.sys
    2007-07-08 16:35 4,608 --a------ C:\WINDOWS\SYSTEM32\DDMI64.sys
    2007-06-17 16:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\VirtualExpander


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-15 19:33:09 -------- d-----w C:\Program Files\Symantec AntiVirus
    2007-07-15 19:04:26 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\MSN6
    2007-07-15 18:05:15 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\WeatherBug
    2007-07-14 18:05:42 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\Lavasoft
    2007-07-14 18:04:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-13 23:00:03 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\Move Networks
    2007-07-01 22:06:29 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-06-30 20:26:12 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\MSNInstaller
    2007-06-26 20:44:57 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-06-24 18:52:06 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\U3
    2007-06-14 15:32:53 -------- d-----w C:\Program Files\Solid Edge V18
    2007-06-14 15:32:53 -------- d-----w C:\Program Files\iTunes
    2007-06-04 21:36:55 -------- d-----w C:\Program Files\progeSOFT
    2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-03 00:36:30 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\Unigraphics Solutions
    2007-06-03 00:16:08 -------- d-----w C:\Program Files\Rainbow Technologies
    2007-05-29 22:37:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-29 22:37:09 -------- d-----w C:\Program Files\Google
    2007-05-26 23:40:58 -------- d-----w C:\Program Files\WinCleaner Memory Optimizer
    2007-05-25 01:01:14 -------- d-----w C:\Program Files\Microsoft Works
    2007-05-24 02:42:35 -------- d-----w C:\DOCUME~1\mimi\APPLIC~1\Real
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-01 15:35:12 146,432 --sh--w C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2006-03-20 23:04:16 205,016 ----a-w C:\Program Files\UserChanges.tb2
    2005-06-05 15:16:34 3,370 ----a-w C:\Program Files\A1Clean.ini
    2004-11-14 20:33:29 33 -c--a-w C:\DOCUME~1\mimi\APPLIC~1\tvmcwrd.dll
    2003-11-10 02:06:18 808 -c--a-w C:\Program Files\INSTALL.LOG
    2003-10-01 08:28:00 78,080 -c--a-w C:\DOCUME~1\mimi\APPLIC~1\GDIPFONTCACHEV1.DAT


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2006-06-06 09:28 439872 --a------ C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9E713D-0388-4384-BDD8-2A42EB1C4F04}]
    C:\Program Files\Proxyconn\PrxcnBrsrCtrl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
    2001-07-25 11:00 143420 --a------ C:\Program Files\Microsoft Money\System\mnyviewer.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-09-15 11:47]
    "Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 16:15]
    "IPInSightMonitor 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
    "nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
    "DownloadAccelerator"="C:\PROGRA~1\DAP\DAP.exe" [2005-05-31 21:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
    "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" []
    "HostManager"="C:\Program Files\Common Files\AOL\1135242701\ee\AOLHostManager.exe" []
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36]
    "WinampAgent"="C:\Program Files\Winamp3\winampa.exe" []
    "WhenUSave"="C:\PROGRA~1\Save\Save.exe" []
    "SpyHunter"="C:\Program Files\SpyHunter\SpyHunter.exe" []
    "PxClient.exe"="C:\Program Files\Proxyconn\PxUi.exe" []
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" []
    "KAZAA"="C:\Program Files\Kazaa\kazaa.exe" [2003-02-06 15:21]
    "IPInSightLAN 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" []
    "DownloadWare Engine"="C:\Program Files\DownloadWare Engine\DWE.exe" []
    "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-29 15:53]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-24 01:01]
    "wfmlibal.exe"="C:\Documents and Settings\All Users\Application Data\wfmlibal.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-12-10 15:46]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-06-14 11:05]
    "Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" []
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 11:00]
    "Forbes"="C:\Program Files\Forbes\ForbesAlerts.exe" []
    "ClockSync"="C:\PROGRA~1\CLOCKS~1\Sync.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1934cfba-107a-11dc-b031-00038a000015}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479b339e-2282-11dc-b052-00038a000015}]
    AutoRun\command- F:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    2007-07-15 19:37:03 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-15 15:34:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-15 15:40:21 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-15 15:39

    --- E O F ---
     
  7. php08penn

    php08penn Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    5
    Here my log file for HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:33:41 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:6198
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = clinic.mcafee.com;bin.mcafee.com;download.mcafee.com;<local>
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PrxcnBHO Class - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\Program Files\Proxyconn\PrxcnBrsrCtrl.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135242701\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
    O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [wfmlibal.exe] C:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\mimi\Desktop\New Folder\LimeWire\LimeWire.exe
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1179970730438
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    ============================================

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

    O2 - BHO: (no name) - SOFTWARE - (no file)

    O2 - BHO: PrxcnBHO Class - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\Program Files\Proxyconn\PrxcnBrsrCtrl.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe

    O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H

    O4 - HKLM\..\Run: [wfmlibal.exe] C:\Documents and Settings\All Users\Application Data\wfmlibal.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    C:\PROGRA~1\Save
    C:\Program Files\DownloadWare Engine\DWE.EXE

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596090

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice