
Solved: Help! winantispyware2007freeinstall and ad popups

Discussion in 'Virus & Other Malware Removal' started by pbj, Jul 18, 2007.

Thread Status:
Not open for further replies.
  1. pbj

    pbj Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    7
    Hello,

    I have winantispyware2007freeinstall and other random ads popping up.

    I read several of the posts here and have already completed the following steps exactly as prescribed for others in the same predicament:

    ComboFix
    VundoFix
    SUPERAntispyware
    HiJackThis

    Following are the log files for the above. Can you give me final instructions?


    ComboFix
    ______________________________________________________________________
    "Sarib Singh" - 2007-07-18 12:57:32 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\nmllm.bak1
    C:\WINDOWS\system32\nmllm.ini
    C:\WINDOWS\system32\mllmn.dll
    C:\WINDOWS\system32\tuvtrpn.dll
    C:\WINDOWS\system32\tuvtrpn.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\svhost.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\Program Files\svhost
    C:\Program Files\svhost\wr-1-0000077.exe
    C:\Program Files\winpop
    C:\Program Files\winpop\UnInstall.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


    2007-07-18 12:56 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-18 12:04 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-18 04:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-18 03:27 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-18 03:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-18 02:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-18 02:44 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
    2007-07-18 02:44 <DIR> d-------- C:\Temp\brr
    2007-07-18 02:06 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-18 01:40 <DIR> d-------- C:\Program Files\SafeNet Sentinel
    2007-07-18 01:40 <DIR> d-------- C:\Program Files\Common Files\SafeNet Sentinel
    2007-07-18 01:23 <DIR> d-------- C:\Program Files\iTunes
    2007-07-18 01:23 <DIR> d-------- C:\Program Files\iPod
    2007-07-18 01:23 <DIR> d-------- C:\DOCUME~1\SARIBS~1\APPLIC~1\Apple Computer
    2007-07-18 01:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-18 01:22 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-18 01:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-07-18 01:17 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-07-18 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-17 22:03 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
    2007-07-17 22:03 573,440 --a------ C:\WINDOWS\system32\Dsi.dll
    2007-07-17 22:03 49,152 --a------ C:\WINDOWS\system32\AvidSDMService.exe
    2007-07-17 22:03 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2007-07-17 22:03 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-07-17 22:03 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
    2007-07-17 22:03 15,872 --a------ C:\WINDOWS\system32\KeyFilter.dll
    2007-07-17 22:03 143,360 --a------ C:\WINDOWS\system32\WinMMFix.dll
    2007-07-17 22:03 <DIR> d-------- C:\Program Files\Common Files\Digidesign
    2007-07-17 22:02 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2007-07-17 22:02 <DIR> d-------- C:\Program Files\JavaSoft
    2007-07-17 22:02 <DIR> d-------- C:\Program Files\Avid
    2007-07-17 21:58 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-07-17 21:45 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-07-17 21:17 <DIR> d-------- C:\DOCUME~1\SARIBS~1\APPLIC~1\Symantec
    2007-07-17 21:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-07-17 20:57 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2007-07-17 20:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-07-17 20:51 <DIR> d-------- C:\Downloads
    2007-07-17 20:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-17 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
    2007-07-17 19:51 <DIR> d-------- C:\Program Files\QuickTime
    2007-07-17 19:45 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2007-07-17 19:45 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2007-07-17 19:38 <DIR> d-------- C:\Program Files\Bonjour
    2007-07-17 19:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-17 19:22 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-17 18:42 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-17 18:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-17 18:40 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-17 18:33 <DIR> d-------- C:\Temp
    2007-07-17 18:32 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
    2007-07-17 18:32 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
    2007-07-17 18:29 <DIR> d-------- C:\Program Files\Common Files\LightScribe
    2007-07-17 18:28 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
    2007-07-17 18:28 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
    2007-07-17 18:28 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2007-07-17 18:28 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
    2007-07-17 18:28 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2007-07-17 18:28 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
    2007-07-17 18:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-07-17 18:27 <DIR> d-------- C:\Program Files\Ahead
    2007-07-17 18:26 <DIR> d-------- C:\Program Files\CyberLink
    2007-07-17 18:25 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
    2007-07-17 18:25 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
    2007-07-17 18:22 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-07-17 18:21 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-07-17 18:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-07-17 18:21 <DIR> d-------- C:\Program Files\Common Files\L&H
    2007-07-17 18:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-07-17 18:20 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-07-17 17:37 <DIR> d-------- C:\Program Files\Norton 360
    2007-07-17 17:36 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-07-17 17:36 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-07-17 17:36 <DIR> d-------- C:\Program Files\Symantec
    2007-07-17 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-07-17 17:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-17 17:31 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-07-17 17:29 77,824 --a------ C:\WINDOWS\system32\nvrszht.dll
    2007-07-17 17:29 46,080 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-07-17 17:29 4,874,240 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-07-17 17:29 32,256 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-07-17 17:29 32,256 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-07-17 17:29 3,309,568 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-07-17 17:29 278,528 --a------ C:\WINDOWS\system32\nvwrses.dll
    2007-07-17 17:29 270,336 --a------ C:\WINDOWS\system32\nvwrsit.dll
    2007-07-17 17:29 270,336 --a------ C:\WINDOWS\system32\nvwrsfr.dll
    2007-07-17 17:29 266,240 --a------ C:\WINDOWS\system32\nvwrsptb.dll
    2007-07-17 17:29 253,952 --a------ C:\WINDOWS\system32\nvwrsde.dll
    2007-07-17 17:29 176,128 --a------ C:\WINDOWS\system32\nvwrsja.dll
    2007-07-17 17:29 172,032 --a------ C:\WINDOWS\system32\nvrsko.dll
    2007-07-17 17:29 172,032 --a------ C:\WINDOWS\system32\nvrsja.dll
    2007-07-17 17:29 167,936 --a------ C:\WINDOWS\system32\nvrsit.dll
    2007-07-17 17:29 167,936 --a------ C:\WINDOWS\system32\nvrsfr.dll
    2007-07-17 17:29 163,840 --a------ C:\WINDOWS\system32\nvwrsko.dll
    2007-07-17 17:29 163,840 --a------ C:\WINDOWS\system32\nvrses.dll
    2007-07-17 17:29 163,840 --a------ C:\WINDOWS\system32\nvrsde.dll
    2007-07-17 17:29 159,744 --a------ C:\WINDOWS\system32\nvrsptb.dll
    2007-07-17 17:29 147,456 --a------ C:\WINDOWS\system32\nvrszhc.dll
    2007-07-17 17:29 139,264 --a------ C:\WINDOWS\system32\nvwrszht.dll
    2007-07-17 17:29 135,168 --a------ C:\WINDOWS\system32\nvwrszhc.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-18 00:38:23 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-07-18 00:38:23 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2002-09-11 14:26:52 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    2007-03-16 15:13 118784 --a------ C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
    2007-02-18 20:22 97960 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    2006-10-22 23:20 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "PowerBar"="" []

    C:\DOCUME~1\SARIBS~1\STARTM~1\Programs\Startup
    ----a-w 225,280 2007-07-17 09:36:54 C:\DOCUME~1\SARIBS~1\STARTM~1\Programs\Startup\PowerReg Scheduler.exe

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-07-17 19:50:22]
    Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    *Newly Created Service* - COMHOST

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-18 13:05:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-18 13:08:13 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-18 13:07

    --- E O F ---
     
  2. pbj (Thread Starter)

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 1:09:11 PM 7/18/2007

    Listing files found while scanning....

    No infected files were found.
     
  3. pbj (Thread Starter)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/18/2007 at 03:18 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3270
    Trace Rules Database Version: 1281

    Scan type : Complete Scan
    Total Scan Time : 02:03:20

    Memory items scanned : 385
    Memory threats detected : 0
    Registry items scanned : 5063
    Registry threats detected : 0
    File items scanned : 141461
    File threats detected : 10

    Adware.Tracking Cookie
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][1].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][1].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][1].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][1].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][1].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][2].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][2].txt
    C:\Documents and Settings\Sarib Singh\Cookies\[email protected][2].txt

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7AA67DF9-FE13-4144-8235-A662C0DCC9E5}\RP190\A0011154.DLL
     
  4. pbj (Thread Starter)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:27:03 PM, on 7/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sarib Singh\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1184709192281
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1184731518875
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8875 bytes
     
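A defender's first triage pass over HijackThis log lines like the ones posted above, as an added Python example (not code from the thread, from HijackThis, or from the helper; the log excerpt is constructed from a few representative lines of the posted log, and the flag rules are my own assumptions about which entries deserve a second look before anything is "fixed"):

```python
import re
from typing import Dict, List

# Constructed excerpt: a handful of lines copied from the HijackThis v2.0.0
# log in this thread (paths and CLSIDs as posted; not the whole log).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {section, body} records, skipping
    header lines and the 'Running processes' list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return the entries a reviewer would look at first, with the reason.
    The rules are assumptions for this example: they only surface entries
    that need a human decision; they do not declare anything malicious."""
    findings = []
    for e in entries:
        section, body = e["section"], e["body"]
        reasons = []
        if "(file missing)" in body:
            # Orphaned entry: the registry points at a file that no longer exists.
            reasons.append("target file missing (orphaned entry)")
        if section == "O23" and "Unknown owner" in body:
            # Service binary with no publisher string; identify it by path.
            reasons.append("service with unknown owner")
        if section == "O2" and "(no name)" in body:
            # Browser Helper Object without a display name; resolve by CLSID/path.
            reasons.append("unnamed BHO")
        if section == "O4" and body.startswith("Startup:"):
            # Per-user Startup folder item; confirm the user expects it.
            reasons.append("per-user Startup folder item")
        if reasons:
            findings.append({"section": section, "body": body, "reasons": reasons})
    return findings


def section_counts(entries: List[Dict[str, str]]) -> Dict[str, int]:
    """Count entries per section; a sudden jump in O2/O4/O23 between two
    logs of the same machine is itself worth a look."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(HJT_LOG)
    print(section_counts(parsed))
    for f in triage(parsed):
        print(f["section"], "->", "; ".join(f["reasons"]))
        print("   ", f["body"])
```

The two O23 lines show the point of the "Unknown owner" rule: the NVIDIA service carries a publisher string and is not flagged, while spkrmon is surfaced only so the reviewer confirms the path belongs to the installed SoundMAX software.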
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  6. MFDnNC

    You posted as I was - the log looks good and the other logs show the removals - is it still there?
     
  7. pbj (Thread Starter)

    Oh, here is the ComboFix quarantined files list (ran first)

    Code:
    2007-07-17 05:27      56320    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
    2007-07-18 02:39      36352    --a------    C:\Qoobox\Quarantine\C\WINDOWS\poolsv.exe.vir
    2007-07-18 02:43      10316    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\wr-1-0000077.exe.vir
    2007-07-18 02:43      38400    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\svhost.exe.vir
    2007-07-18 02:43      38400    --a------    C:\Qoobox\Quarantine\C\WINDOWS\svhost.exe.vir
    2007-07-18 02:44      109560    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir
    2007-07-18 02:44      186621    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir
    2007-07-18 02:44      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvtrpn.dll.vir
    2007-07-18 02:46      12800    --a------    C:\Qoobox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir
    2007-07-18 02:49      266336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mllmn.dll.vir
    2007-07-18 02:49      6365    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\nmllm.bak1.vir
    2007-07-18 04:18      39424    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu77.exe.vir
    2007-07-18 12:03      10316    --a------    C:\Qoobox\Quarantine\C\Program Files\svhost\wr-1-0000077.exe.vir
    2007-07-18 12:03      221    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
    2007-07-18 13:02      31620    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\nmllm.ini.vir
    2007-07-18 13:03      157    --a------    C:\Qoobox\Quarantine\catchme.log
    
    
    Folder PATH listing
    Volume serial number is 4081-D56F
    C:\QOOBOX
    \---Quarantine
        |   catchme.log
        |   
        +---C
        |   +---Program Files
        |   |   +---poolsv
        |   |   |       k11u72.exe.vir
        |   |   |       svhost.exe.vir
        |   |   |       wr-1-0000077.exe.vir
        |   |   |       YazzleBundle-1549.exe.vir
        |   |   |       
        |   |   +---svhost
        |   |   |       wr-1-0000077.exe.vir
        |   |   |       
        |   |   \---WinPop
        |   |           UnInstall.exe.vir
        |   |           
        |   \---WINDOWS
        |       |   b122.exe.vir
        |       |   poolsv.exe.vir
        |       |   retadpu77.exe.vir
        |       |   svhost.exe.vir
        |       |   wr.txt.vir
        |       |   
        |       \---system32
        |               mllmn.dll.vir
        |               nmllm.bak1.vir
        |               nmllm.ini.vir
        |               tuvtrpn.dll.vir
        |               
        \---Registry_backups
    
     
  8. MFDnNC

    See post 6
     
  9. pbj (Thread Starter)

    Dude you are awesome. Thanks for responding so fast.

    Nothing is popping up. If the logs look good then I guess I'm home free?

    Any tips on what the best protection is against this stuff? I have Norton360 right now.
     
  10. MFDnNC

    I do not have anything good to say about Norton 360 - it's a bloated pig

    I use AVG AV - Zone Alarm - SpyBot - SpywareBlaster and of course SAS!

    Clean
    If you feel it is fixed mark it solved via Thread Tools above

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    This clears infected restore points and sets a new, clean one.
     
  11. pbj (Thread Starter)

    Well, I'm going to switch over to those then.

    Thanks for your help man. You are certainly doing your part to make the world a better place.

    I just donated $20.00

    THANKS!! :) (y) :D
     
  12. MFDnNC

    Thanks for the donation!
     
Short URL to this thread: https://techguy.org/597493