1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Help Needed Please Cant get rid Of Bugs After Many Scans

Discussion in 'Virus & Other Malware Removal' started by 1wozk, May 6, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Started getting many ads everytime i opened a new page online so carried out a avg scan and a spysweeper scan which found some trojons in the system restore area and some malware, After i done these scans i went online again and i still have many popups soi tried various other anti virus/spyware scanners and still have the same problem so i got rid of my avg and spysweeper and am now using avasst and super antispyware which cant get rid of the problems either, I carried out all these scans in safe mode and cat figure out where the problem is can anyone help please as i am starting to go mad
    Here is a log of my spyware scan
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/05/2008 at 09:05 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3452
    Trace Rules Database Version: 1444

    Scan type : Complete Scan
    Total Scan Time : 01:48:58

    Memory items scanned : 157
    Memory threats detected : 0
    Registry items scanned : 5742
    Registry threats detected : 0
    File items scanned : 90810
    File threats detected : 8

    Malware.SpywareNuker
    C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP882\A0196118.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP883\A0196813.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP884\A0197491.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP886\A0198169.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP887\A0198704.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP888\A0199239.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP889\A0199774.SYS

    and here are the anti virus results
    win32 trojan-gen delphi
    kernal32.dll
    win32:ngvck-e
    winsock.dll
     
  2. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Hi I need some help urgently with the following, I started getting these annoying popups on every new page i would look at online I have used many different anti virus/spyware softwares in safe mode which have found many bugs which is listed below in the logs, then after i have re-started my pc and gone online the popups are back straight away and i have now run out of ideas to stop this if anyone knows of a soloution i would appreciate any help offered.

    logs

    Malwarebytes' Anti-Malware 1.12
    Database version: 729


    Scan type: Quick Scan
    Objects scanned: 36574
    Time elapsed: 3 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AntvrsInstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/AntvrsInstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\edfqvrw.bdgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\warren keen\Application Data\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Antivirus 2008\Antvrs.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\AntvrsInstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpeavkgshd_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpeavkgshd_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.

    avast anti virus log

    06/05/2008 09:15:33 warren keen 3092 Sign of "Win32:Trojan-gen {Delphi}" has been found in "C:\Documents and Settings\warren keen\Application Data\PerformanceoptimizerFreeSetup[1].exe\$INSTDIR\PoChk.exe" file.
    06/05/2008 10:55:27 warren keen 3092 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\warren keen\Application Data\PerformanceoptimizerFreeSetup[1].exe\$COMMONFILES\$[33]\$NS_LANG_CODE\pcid.exe" file.
    06/05/2008 10:55:33 warren keen 3092 Sign of "Win32:Trojan-gen {Delphi}" has been found in "C:\Documents and Settings\warren keen\Application Data\PerformanceoptimizerFreeSetup[1].exe\$COMMONFILES\$[33]\$NS_LANG_CODE\creader.exe" file.
    06/05/2008 11:22:45 warren keen 3092 Sign of "Win32:NGVCK-E" has been found in "C:\Program Files\PCPitstop\AV\PAV.SIG" file.
    06/05/2008 11:54:56 warren keen 3092 Sign of "Win32:Trojan-gen {Delphi}" has been found in "C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP895\A0200560.exe\$INSTDIR\PoChk.exe" file.
    06/05/2008 11:56:06 warren keen 3092 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP895\A0200560.exe\$COMMONFILES\$[33]\$NS_LANG_CODE\pcid.exe" file.
    06/05/2008 11:56:11 warren keen 3092 Sign of "Win32:Trojan-gen {Delphi}" has been found in "C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP895\A0200560.exe\$COMMONFILES\$[33]\$NS_LANG_CODE\creader.exe" file.
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  4. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:07:01, on 08/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Glary Utilities\memdefrag.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunServices: [Window Monitor] winmon32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [Window Monitor] winmon32.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166606521953
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O24 - Desktop Component 0: (no name) - https://www.1stoptrading.com/images/henley_mens_H0101.03.1.jpg
    O24 - Desktop Component 1: (no name) - http://www.globaldiscounts.co.uk/images/10000006/logo.jpg

    --
    End of file - 11026 bytes
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKUS\S-1-5-18\..\RunServices: [Window Monitor] winmon32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunServices: [Window Monitor] winmon32.exe (User 'Default user')

    Close all applications and browser windows before you click "fix checked".



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\System32\winmon32.exe
      
      
    • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives..
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!



    I don't see any anti-virus software running.
    Load AVG it's free.
     
  6. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Hi thanks for all your support in this annoying matter i hope we can fix it as im still getting many popups, I have carried out all you asked me to do and hve listed all you need below thanks again.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:35:12, on 09/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166606521953
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O24 - Desktop Component 0: (no name) - https://www.1stoptrading.com/images/henley_mens_H0101.03.1.jpg
    O24 - Desktop Component 1: (no name) - http://www.globaldiscounts.co.uk/images/10000006/logo.jpg

    --
    End of file - 11796 bytes



    OTMOVEIT2 LOG

    File delete failed. C:\Documents and Settings\warren keen\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.
    File/Folder avenger.zip not found.
    File/Folder avenger.exe not found.
    File/Folder Avenger not found.
    File/Folder avenger.txt not found.
    File/Folder bfu.zip not found.
    File/Folder BFU not found.
    File/Folder combofix.exe not found.
    File/Folder Combo-Fix.sys not found.
    File/Folder ComboFix not found.
    File/Folder erdnt not found.
    File/Folder QooBox not found.
    File/Folder ComboFix*.txt not found.
    Service not present: catchme.
    File/Folder catchme.exe not found.
    File/Folder fdsv.exe not found.
    File/Folder grep.exe not found.
    File/Folder moveex.exe not found.
    File/Folder nircmd.exe not found.
    File/Folder sed.exe not found.
    File/Folder swreg.exe not found.
    File/Folder Swsc.exe not found.
    File/Folder Swxcacls.exe not found.
    File/Folder VFind.exe not found.
    File/Folder WS2Fix.exe not found.
    File/Folder zip.exe not found.
    File/Folder tmp.reg not found.
    File/Folder dss.exe not found.
    File/Folder Deckard not found.
    File/Folder deljob.exe not found.
    File/Folder deljob not found.
    File/Folder logit.txt not found.
    File/Folder FindAWF.exe not found.
    File/Folder AWF.txt not found.
    File/Folder fixwareout.exe not found.
    File/Folder fixwareout not found.
    File/Folder fsbl.exe not found.
    File/Folder fsbl*.log not found.
    File/Folder gmer.exe not found.
    File/Folder gmer.dll not found.
    File/Folder gmer.ini not found.
    File/Folder gmer.log not found.
    File/Folder gmer_uninstall.cmd not found.
    File/Folder gmer.sys not found.
    Service not present: gmer.
    File/Folder haxfix.exe not found.
    File/Folder haxfix.txt not found.
    File/Folder killbox.exe not found.
    File/Folder !Killbox not found.
    File/Folder NoLop.exe not found.
    File/Folder NoLop.txt not found.
    File/Folder NoLopOLD.txt not found.
    File/Folder delete.bat not found.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com


    Generated 05/09/2008 at 07:51 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3452
    Trace Rules Database Version: 1444

    Scan type : Complete Scan
    Total Scan Time : 01:14:10

    Memory items scanned : 347
    Memory threats detected : 0
    Registry items scanned : 5777
    Registry threats detected : 0
    File items scanned : 91535
    File threats detected : 0

    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 09, 2008 9:37:43 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/05/2008
    Kaspersky Anti-Virus database records: 750036


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 92625
    Number of viruses found 6
    Number of infected objects 19
    Number of suspicious objects 0
    Duration of the scan process 01:28:36

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{5CC77D96-2CA2-44D1-B26E-446AA92284CE}.bin Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\warren keen\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Temp\Perflib_Perfdata_6ac.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Temp\~DFF256.tmp Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\warren keen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\warren keen\ntuser.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\warren keen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-9-2008( 18-36-58 ).LOG Object is locked skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP896\change.log Object is locked skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP803\A0174411.exe/file1 Infected: not-a-virus:FraudTool.Win32.ErrClean.b skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP803\A0174411.exe/file2 Infected: not-a-virus:FraudTool.Win32.SanitarDiska.r skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP803\A0174411.exe Inno: infected - 2 skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP866\A0194133.msi/app.cab/TclLib Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bu skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP866\A0194133.msi/app.cab/ZLib Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bx skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP866\A0194133.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bx skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP866\A0194133.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP867\A0194141.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bu skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP867\A0194142.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bx skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP879\A0196058.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP882\A0196169.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP883\A0196855.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP884\A0197533.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP886\A0198211.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP887\A0198746.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP888\A0199281.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP889\A0199816.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.m skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP895\A0200802.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP895\A0200802.exe WiseSFX: infected - 1 skipped

    Scan process completed.


    I await your response o the reports i just sent you and hop we can fix these problems
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    The OTMoveIt log is from running cleanup and not what I requested.

    The Kaspersky findings are all in system restore.

    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  8. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    ComboFix 08-05-08.1 - warren keen 2008-05-09 22:57:11.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.49 [GMT 1:00]
    Running from: C:\Documents and Settings\warren keen\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\warren keen\Local Settings\Application Data\bwdamyu.dat
    C:\Documents and Settings\warren keen\Local Settings\Application Data\bwdamyu.exe
    C:\Documents and Settings\warren keen\Local Settings\Application Data\bwdamyu_nav.dat
    C:\Documents and Settings\warren keen\Local Settings\Application Data\bwdamyu_navps.dat
    C:\Program Files\Common Files\companion wizard
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\eqqthxgsz.dat
    c:\windows\system32\eqqthxgsz.exe
    c:\WINDOWS\system32\eqqthxgsz_nav.dat
    c:\WINDOWS\system32\eqqthxgsz_navps.dat

    ----- BITS: Possible infected sites -----

    hxxp://onsafepro.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SZKG5


    ((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
    .

    2008-05-09 19:58 . 2008-05-09 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-09 07:13 . 2008-05-09 07:13 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-05-09 07:13 . 2008-05-09 07:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-05-09 07:12 . 2008-05-09 07:12 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-05-09 07:12 . 2008-05-09 07:12 <DIR> d-------- C:\Program Files\AVG
    2008-05-09 07:12 . 2008-05-09 07:12 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-05-08 21:06 . 2008-05-08 21:06 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-07 21:50 . 2008-05-08 00:16 3,951 --a------ C:\rollback.ini
    2008-05-07 21:19 . 2008-05-07 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-05-07 21:18 . 2008-05-08 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-05-07 21:17 . 2008-05-07 21:17 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-05-07 15:56 . 2008-05-07 15:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-07 15:56 . 2008-05-07 15:56 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\Malwarebytes
    2008-05-07 15:56 . 2008-05-07 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-07 15:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-07 15:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-06 07:46 . 2008-05-06 07:46 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-06 07:46 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-06 07:21 . 2008-05-06 07:21 36 -r-h----- C:\WINDOWS\sued.dat
    2008-05-06 07:17 . 2008-05-06 07:17 <DIR> d-------- C:\Program Files\WOT
    2008-05-06 07:10 . 2008-05-06 07:10 <DIR> d-------- C:\Program Files\Camtech
    2008-05-05 18:46 . 2008-05-05 18:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-05-05 18:46 . 2008-05-05 18:46 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\SUPERAntiSpyware.com
    2008-05-05 18:46 . 2008-05-05 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-05-05 18:45 . 2008-05-05 18:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-05 17:59 . 2008-05-05 17:59 <DIR> d-------- C:\Program Files\CleanUp!
    2008-05-04 22:13 . 2008-05-04 22:13 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-05-04 18:26 . 2008-05-04 18:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-04 18:26 . 2008-05-04 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\INAC
    2008-05-04 17:27 . 2008-05-04 17:27 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\INAC
    2008-05-04 17:17 . 2008-05-04 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-04 16:58 . 2008-05-04 16:58 <DIR> d-------- C:\Program Files\INAC
    2008-05-04 14:18 . 2008-05-04 14:18 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\PopUpSentry.com
    2008-05-04 14:16 . 2008-05-04 14:16 <DIR> d-------- C:\Program Files\PopUpSentry.com
    2008-05-04 13:12 . 2008-05-04 13:12 <DIR> d-------- C:\Program Files\a-squared Free
    2008-05-04 10:13 . 2008-05-04 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
    2008-05-04 10:12 . 2008-05-04 10:12 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-04 10:12 . 2008-05-09 22:57 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    2008-05-03 23:24 . 2001-08-17 22:37 24,576 --a------ C:\WINDOWS\system32\dllcache\agcgauge.ax
    2008-05-03 07:02 . 2008-05-03 07:02 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\Uniblue
    2008-05-02 20:14 . 2008-05-02 20:14 <DIR> d-------- C:\WINDOWS\Speeditup Free
    2008-05-02 20:14 . 2008-05-02 20:14 <DIR> d-------- C:\Program Files\Speeditup Free
    2008-05-02 19:42 . 2008-05-02 19:42 <DIR> d-------- C:\WINDOWS\PC Check-up
    2008-05-02 19:00 . 2008-05-02 19:00 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
    2008-05-02 12:55 . 2008-05-02 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-02 11:48 . 2008-05-02 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-02 10:23 . 2008-01-13 07:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-26 10:14 . 2008-04-26 10:14 <DIR> d-------- C:\Documents and Settings\warren keen\Application Data\AVGTOOLBAR
    2008-04-26 10:12 . 2008-04-26 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-16 06:50 . 2008-04-16 06:50 <DIR> d--hs---- C:\FOUND.003
    2008-04-13 06:37 . 2008-04-13 06:37 <DIR> d--hs---- C:\FOUND.002
    2008-04-11 17:25 . 2008-04-11 17:25 <DIR> d-------- C:\Program Files\eBay
    2008-04-11 17:25 . 2008-04-11 17:25 <DIR> d-------- C:\Documents and Settings\All Users\eBay
    2008-04-11 13:19 . 2008-04-11 13:19 <DIR> d-------- C:\Program Files\iWin
    2008-04-11 06:57 . 2008-04-11 06:57 <DIR> d--hs---- C:\FOUND.001
    2008-04-10 23:04 . 2008-04-10 23:04 <DIR> d-------- C:\f7551fd52cabcc0d556fe1cedb558938
    2008-04-10 07:09 . 2008-04-10 07:09 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-02 17:59 724,992 ----a-w C:\WINDOWS\iun6002.exe
    2008-03-26 16:18 49,152 ----a-r C:\WINDOWS\system32\Inetwh32.dll
    2008-03-26 16:18 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
    2008-03-21 08:45 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-10 06:09 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-03-26 10:57 52,274 ----a-w C:\Documents and Settings\warren keen\TB2Categories000.dat
    2006-08-08 08:33 25,600 ----a-w C:\Documents and Settings\warren keen\usbsermptxp.sys
    2006-08-08 08:33 22,768 ----a-w C:\Documents and Settings\warren keen\usbsermpt.sys
    2006-05-14 08:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ------- Sigcheck -------

    2004-08-04 07:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
    2004-08-04 07:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-05-09 07:12 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
    2008-04-21 10:59 2249376 --a------ C:\Program Files\WOT\WOT.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    2008-04-01 13:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{71576546-354D-41C9-AAE8-31F2EC22BF0D}"= "C:\Program Files\WOT\WOT.dll" [2008-04-21 10:59 2249376]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-09 07:12 2050816]

    [HKEY_CLASSES_ROOT\clsid\{71576546-354d-41c9-aae8-31f2ec22bf0d}]
    [HKEY_CLASSES_ROOT\WOT.WOTBar.1]
    [HKEY_CLASSES_ROOT\WOT.WOTBar]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-09 07:12 2050816]
    "{71576546-354D-41C9-AAE8-31F2EC22BF0D}"= C:\Program Files\WOT\WOT.dll [2008-04-21 10:59 2249376]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CLASSES_ROOT\clsid\{71576546-354d-41c9-aae8-31f2ec22bf0d}]
    [HKEY_CLASSES_ROOT\WOT.WOTBar.1]
    [HKEY_CLASSES_ROOT\WOT.WOTBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
    "Glary Memory Optimizer"="C:\Program Files\Glary Utilities\memdefrag.exe" [2007-05-22 11:16 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShowIcon_JustRams_USB Product Driver v2.33r005"="C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" [2005-04-22 11:11 81920]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17 94208]
    "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 10:57 466944]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-09 07:12 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.JPEG"= jpegCode.dll
    "VIDC.MJPG"= jpegCode.dll
    "MSVideo"= VfwECamC.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eqqthxgsz]
    c:\windows\system32\eqqthxgsz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
    C:\Program Files\PC Check-up\PCCheckUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-03-10 07:07 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WinDefend"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "Netcom3"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-09 07:12]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-09 07:12]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 07:12]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-09 07:13]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABKUTIL.sys []
    S3 CoachUsb;Dual Mode Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys []
    S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys []
    S3 iadusb;BT Voyager 205 ADSL Router;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2005-11-06 13:49]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 23:02:35
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\BRSS01A.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRAM FILES\AVG\AVG8\AVGTRAY.EXE
    C:\WINDOWS\system32\lxcecoms.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-09 23:05:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-09 22:05:00

    Pre-Run: 57,853,509,632 bytes free
    Post-Run: 57,834,766,336 bytes free

    224 --- E O F --- 2008-05-05 17:11:37

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:55:26, on 09/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166606521953
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O24 - Desktop Component 0: (no name) - https://www.1stoptrading.com/images/henley_mens_H0101.03.1.jpg
    O24 - Desktop Component 1: (no name) - http://www.globaldiscounts.co.uk/images/10000006/logo.jpg

    --
    End of file - 11540 bytes
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49.../dinerdash.cab

    Close all applications and browser windows before you click "fix checked".



    How is it running now?
     
  10. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Hi I would like to thankyou so much for all the work you have carried out for me in removing those nasty bugs as everything is now running perfect i am not getting those horrible popups anymore, After i runned combofix that seemed to sort the problem out straight away where's the spyware/anti virus was removing things but they would start up again as soon as i started my browser, Do you have any tips for the future for me, Do you think i should just use the combofix agin if i run into any problems again as that piece of software is awesome.
    Once again thankyou so much for your time in helping me i will make sure i donate to techguy and spread the word around about techguy.
    I have removed diner dash as you see below was there a bug in that file as i will need to let the website know of it if there was.
    thanks
    warren


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:31:41, on 10/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166606521953
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O24 - Desktop Component 0: (no name) - https://www.1stoptrading.com/images/henley_mens_H0101.03.1.jpg
    O24 - Desktop Component 1: (no name) - http://www.globaldiscounts.co.uk/images/10000006/logo.jpg

    --
    End of file - 11244 bytes
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    DinerDash clogs up the machine.

    You should not keep Combofix. That tool is updated often and is not something you want to keep around.

    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]

    You should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt2 by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders.
    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
    • Click Yes to beging the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405



    Now you should Clean up your PC


    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/710443

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice