
winantispyware 2007 remove

Discussion in 'Virus & Other Malware Removal' started by stayintheshade, Jul 13, 2007.

  1. stayintheshade

    stayintheshade Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    5
    this downloaded on its own and now i get a small pop up bubble that i should download the program, this has happened before and i was able to fix it but not on my own,
    i have included the log from combofix, if i need to post my hjt log let me know, please and thank you for the help

    shade

    "Owner" - 2007-07-13 10:46:16 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

    ADS removed - system32: deleted 68250 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awvvv.dll
    C:\WINDOWS\system32\mljklmm.dll
    C:\WINDOWS\system32\mljklmm.dll
    C:\WINDOWS\system32\vvvwa.bak1


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\bold.log
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\DOCUME~1\Owner\APPLIC~1.\winantispyware2007freeinstall[1].exe
    C:\DOCUME~1\Owner\APPLIC~1\Install.dat
    C:\Program Files\Common Files\{18A19~1
    C:\Program Files\Common Files\{18A19~1\trz2.tmp
    C:\Program Files\Common Files\{38A19~1
    C:\Program Files\Common Files\{38A19~1\888.dll
    C:\Program Files\Common Files\{38A19~1\Uninstall.exe
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\WinSoftware
    C:\Program Files\SurfAccuracy
    C:\Program Files\SurfAccuracy\SAcc.cfg
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\WINDOWS\system32\6_exception.nls
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\ksl48.bin
    C:\WINDOWS\system32\ksys.sys
    C:\WINDOWS\system32\RunOnce.t__
    C:\WINDOWS\system32\RunOnce.tm_
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NDNET1
    -------\LEGACY_RUNTIME
    -------\NDnet1
    -------\Runtime


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
    2007-07-06 15:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    2007-07-05 11:08 81,920 --a------ C:\WINDOWS\system32\winntify.exe
    2007-07-04 04:07 <DIR> d-------- C:\Program Files\PestPatrol
    2007-07-04 04:00 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2007-07-04 04:00 <DIR> d-------- C:\KPCMS
    2007-07-03 03:50 1,845,324 ---hs---- C:\WINDOWS\system32\ggjlm.bak2
    2007-07-02 15:50 6,369 ---hs---- C:\WINDOWS\system32\ggjlm.bak1


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-04 08:00:16 -------- d-----w C:\Program Files\AIM
    2007-07-04 07:57:56 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-06-03 08:18:46 -------- d-----w C:\Program Files\Kodak
    2007-06-03 08:16:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 20:42:35 9,169 ----a-w C:\WINDOWS\system32\lr85.exe
    2007-04-27 20:39:51 26,622 ----a-w C:\WINDOWS\system32\lr86.exe
    2006-11-04 19:07:57 16,457 ---h--w C:\Program Files\aaaamelk.t
    2004-07-22 14:51:34 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-20 02:58:36 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-20 02:53:26 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 18:17:16 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 13:13:48 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 13:13:46 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 08:08:36 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 08:08:34 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 07:03:10 62,976 ----a-w C:\Program Files\DSETUP.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2005-11-04 19:29 399352 --a------ C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2003-05-15 10:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2005-08-17 10:40 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
    2005-09-22 17:44 622280 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
    2005-08-17 10:40 120312 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    2005-08-02 14:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
    2005-10-04 11:43 682296 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2006-11-06 23:49]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "KBD"="C:\HP\KBD\KBD.EXE" [2006-11-06 23:49]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2006-11-06 23:49]
    "VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
    "LTMSG"="LTMSG.exe" [2003-07-14 20:52 C:\WINDOWS\ltmsg.exe]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2006-11-06 23:49]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2006-11-06 23:49]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-26 02:17]
    "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-04-02 15:11]
    "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11]
    "CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2004-04-02 15:10]
    "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2006-09-08 20:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll,nViewLoadHook" []
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-16 16:47]
    "WebCamRT.exe"="" []
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 11:06]
    "Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-10-31 16:05]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu]
    C:\WINDOWS\system32\ssttu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=??


    Contents of the 'Scheduled Tasks' folder
    2007-07-11 04:00:00 C:\WINDOWS\tasks\At1.job
    2007-07-13 13:00:00 C:\WINDOWS\tasks\At10.job
    2007-07-13 14:00:00 C:\WINDOWS\tasks\At11.job
    2007-07-12 15:00:00 C:\WINDOWS\tasks\At12.job
    2007-07-12 16:00:00 C:\WINDOWS\tasks\At13.job
    2007-07-12 17:00:00 C:\WINDOWS\tasks\At14.job
    2007-07-12 18:00:00 C:\WINDOWS\tasks\At15.job
    2007-07-12 19:00:00 C:\WINDOWS\tasks\At16.job
    2007-07-12 20:00:00 C:\WINDOWS\tasks\At17.job
    2007-07-12 21:00:00 C:\WINDOWS\tasks\At18.job
    2007-07-12 22:00:00 C:\WINDOWS\tasks\At19.job
    2007-07-11 05:00:00 C:\WINDOWS\tasks\At2.job
    2007-07-12 23:00:00 C:\WINDOWS\tasks\At20.job
    2007-07-05 00:00:00 C:\WINDOWS\tasks\At21.job
    2007-07-05 01:00:00 C:\WINDOWS\tasks\At22.job
    2007-07-05 02:00:00 C:\WINDOWS\tasks\At23.job
    2007-07-05 03:00:00 C:\WINDOWS\tasks\At24.job
    2007-07-13 06:00:00 C:\WINDOWS\tasks\At3.job
    2007-07-13 07:00:00 C:\WINDOWS\tasks\At4.job
    2007-07-11 04:00:00 C:\WINDOWS\tasks\At49.job
    2007-07-13 08:00:00 C:\WINDOWS\tasks\At5.job
    2007-07-11 05:00:00 C:\WINDOWS\tasks\At50.job
    2007-07-13 06:00:00 C:\WINDOWS\tasks\At51.job
    2007-07-13 07:00:00 C:\WINDOWS\tasks\At52.job
    2007-07-13 08:00:00 C:\WINDOWS\tasks\At53.job
    2007-07-13 09:00:00 C:\WINDOWS\tasks\At54.job
    2007-07-13 10:00:00 C:\WINDOWS\tasks\At55.job
    2007-07-13 11:00:00 C:\WINDOWS\tasks\At56.job
    2007-07-13 12:00:00 C:\WINDOWS\tasks\At57.job
    2007-07-13 13:00:00 C:\WINDOWS\tasks\At58.job
    2007-07-13 14:00:00 C:\WINDOWS\tasks\At59.job
    2007-07-13 09:00:00 C:\WINDOWS\tasks\At6.job
    2007-07-12 15:00:00 C:\WINDOWS\tasks\At60.job
    2007-07-12 16:00:00 C:\WINDOWS\tasks\At61.job
    2007-07-12 17:00:00 C:\WINDOWS\tasks\At62.job
    2007-07-12 18:00:00 C:\WINDOWS\tasks\At63.job
    2007-07-12 19:00:00 C:\WINDOWS\tasks\At64.job
    2007-07-12 20:00:00 C:\WINDOWS\tasks\At65.job
    2007-07-12 21:00:00 C:\WINDOWS\tasks\At66.job
    2007-07-12 22:00:00 C:\WINDOWS\tasks\At67.job
    2007-07-12 23:00:00 C:\WINDOWS\tasks\At68.job
    2007-07-05 00:00:01 C:\WINDOWS\tasks\At69.job
    2007-07-13 10:00:00 C:\WINDOWS\tasks\At7.job
    2007-07-05 01:00:00 C:\WINDOWS\tasks\At70.job
    2007-07-05 02:00:00 C:\WINDOWS\tasks\At71.job
    2007-07-05 03:00:00 C:\WINDOWS\tasks\At72.job
    2007-07-13 11:00:00 C:\WINDOWS\tasks\At8.job
    2007-07-13 12:00:00 C:\WINDOWS\tasks\At9.job
    2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2005-07-01 23:49:07 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 10:55:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 11:00:14 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 10:59

    --- E O F ---
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


    Delete your current version of ComboFix and download it again from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  3. stayintheshade

    stayintheshade Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    5
    .........thank you



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:06 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\regscan.exe
    C:\Corel\Graphics8\Programs\MFIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\winntify.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Owner\My Documents\My Pictures\HIJACKTHIS\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://www1.snapfish.com/shareelog...058/l=214639076/g=74607887/otsc=SYE/otsi=SALB
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O20 - AppInit_DLLs: ??
    O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

    --
    End of file - 9982 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Did you run combofix?
     
  5. stayintheshade

    stayintheshade Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    5
    this is the new ComboFix Log

    "Owner" - 2007-07-14 13:32:51 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


    2007-07-13 22:38 0 --a------ C:\temp\svcipa.exe
    2007-07-13 22:38 0 --a------ C:\svcipa.exe
    2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
    2007-07-06 15:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    2007-07-05 11:08 81,920 --a------ C:\WINDOWS\system32\winntify.exe
    2007-07-04 04:07 <DIR> d-------- C:\Program Files\PestPatrol
    2007-07-04 04:00 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2007-07-04 04:00 <DIR> d-------- C:\KPCMS
    2007-07-03 03:50 1,845,324 ---hs---- C:\WINDOWS\system32\ggjlm.bak2
    2007-07-02 15:50 6,369 ---hs---- C:\WINDOWS\system32\ggjlm.bak1


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-04 08:00:16 -------- d-----w C:\Program Files\AIM
    2007-07-04 07:57:56 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-06-03 08:18:46 -------- d-----w C:\Program Files\Kodak
    2007-06-03 08:16:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 20:42:35 9,169 ----a-w C:\WINDOWS\system32\lr85.exe
    2007-04-27 20:39:51 26,622 ----a-w C:\WINDOWS\system32\lr86.exe
    2006-11-04 19:07:57 16,457 ---h--w C:\Program Files\aaaamelk.t
    2004-07-22 14:51:34 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-20 02:58:36 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-20 02:53:26 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 18:17:16 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 13:13:48 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 13:13:46 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 08:08:36 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 08:08:34 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 07:03:10 62,976 ----a-w C:\Program Files\DSETUP.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2005-11-04 19:29 399352 --a------ C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2003-05-15 10:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2005-08-17 10:40 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
    2005-09-22 17:44 622280 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
    2005-08-17 10:40 120312 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    2005-08-02 14:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
    2005-10-04 11:43 682296 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2006-11-06 23:49]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "KBD"="C:\HP\KBD\KBD.EXE" [2006-11-06 23:49]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2006-11-06 23:49]
    "VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
    "LTMSG"="LTMSG.exe" [2003-07-14 20:52 C:\WINDOWS\ltmsg.exe]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2006-11-06 23:49]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2006-11-06 23:49]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-26 02:17]
    "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-04-02 15:11]
    "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11]
    "CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2004-04-02 15:10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll,nViewLoadHook" []
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-16 16:47]
    "WebCamRT.exe"="" []
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 11:06]
    "Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-10-31 16:05]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu]
    C:\WINDOWS\system32\ssttu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=??


    Contents of the 'Scheduled Tasks' folder
    2007-07-14 04:00:00 C:\WINDOWS\tasks\At1.job
    2007-07-13 13:00:00 C:\WINDOWS\tasks\At10.job
    2007-07-13 14:00:00 C:\WINDOWS\tasks\At11.job
    2007-07-13 15:00:01 C:\WINDOWS\tasks\At12.job
    2007-07-14 16:00:00 C:\WINDOWS\tasks\At13.job
    2007-07-14 17:00:00 C:\WINDOWS\tasks\At14.job
    2007-07-13 18:00:00 C:\WINDOWS\tasks\At15.job
    2007-07-13 19:00:00 C:\WINDOWS\tasks\At16.job
    2007-07-13 20:00:00 C:\WINDOWS\tasks\At17.job
    2007-07-13 21:00:00 C:\WINDOWS\tasks\At18.job
    2007-07-13 22:00:00 C:\WINDOWS\tasks\At19.job
    2007-07-14 05:00:00 C:\WINDOWS\tasks\At2.job
    2007-07-13 23:00:00 C:\WINDOWS\tasks\At20.job
    2007-07-14 00:00:00 C:\WINDOWS\tasks\At21.job
    2007-07-14 01:00:00 C:\WINDOWS\tasks\At22.job
    2007-07-14 02:00:00 C:\WINDOWS\tasks\At23.job
    2007-07-14 03:00:00 C:\WINDOWS\tasks\At24.job
    2007-07-14 06:00:00 C:\WINDOWS\tasks\At3.job
    2007-07-13 07:00:00 C:\WINDOWS\tasks\At4.job
    2007-07-14 04:00:00 C:\WINDOWS\tasks\At49.job
    2007-07-13 08:00:00 C:\WINDOWS\tasks\At5.job
    2007-07-14 05:00:00 C:\WINDOWS\tasks\At50.job
    2007-07-14 06:00:00 C:\WINDOWS\tasks\At51.job
    2007-07-13 07:00:00 C:\WINDOWS\tasks\At52.job
    2007-07-13 08:00:00 C:\WINDOWS\tasks\At53.job
    2007-07-13 09:00:00 C:\WINDOWS\tasks\At54.job
    2007-07-13 10:00:00 C:\WINDOWS\tasks\At55.job
    2007-07-13 11:00:00 C:\WINDOWS\tasks\At56.job
    2007-07-13 12:00:00 C:\WINDOWS\tasks\At57.job
    2007-07-13 13:00:00 C:\WINDOWS\tasks\At58.job
    2007-07-13 14:00:00 C:\WINDOWS\tasks\At59.job
    2007-07-13 09:00:00 C:\WINDOWS\tasks\At6.job
    2007-07-13 15:00:01 C:\WINDOWS\tasks\At60.job
    2007-07-14 16:00:01 C:\WINDOWS\tasks\At61.job
    2007-07-14 17:00:00 C:\WINDOWS\tasks\At62.job
    2007-07-13 18:00:00 C:\WINDOWS\tasks\At63.job
    2007-07-13 19:00:00 C:\WINDOWS\tasks\At64.job
    2007-07-13 20:00:00 C:\WINDOWS\tasks\At65.job
    2007-07-13 21:00:00 C:\WINDOWS\tasks\At66.job
    2007-07-13 22:00:00 C:\WINDOWS\tasks\At67.job
    2007-07-13 23:00:00 C:\WINDOWS\tasks\At68.job
    2007-07-14 00:00:00 C:\WINDOWS\tasks\At69.job
    2007-07-13 10:00:00 C:\WINDOWS\tasks\At7.job
    2007-07-14 01:00:00 C:\WINDOWS\tasks\At70.job
    2007-07-14 02:00:00 C:\WINDOWS\tasks\At71.job
    2007-07-14 03:00:00 C:\WINDOWS\tasks\At72.job
    2007-07-13 11:00:00 C:\WINDOWS\tasks\At8.job
    2007-07-13 12:00:00 C:\WINDOWS\tasks\At9.job
    2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2005-07-01 23:49:07 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-14 13:37:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-14 13:38:06
    C:\ComboFix-quarantined-files.txt ... 2007-07-14 13:37
    C:\ComboFix2.txt ... 2007-07-13 11:00

    --- E O F ---
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post this log: C:\ComboFix-quarantined-files.txt
     
  7. stayintheshade

    stayintheshade Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    5
    Sorry I didn't post this last time, I am learning. Thanks again.

    Code:
    2005-09-05 14:47      217526    --a------    C:\Qoobox\Quarantine\C\Program Files\SurfAccuracy\SAcc.cfg.vir
    2006-11-04 15:32      6    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ksl48.bin.vir
    2006-12-07 20:23      147456    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
    2007-01-04 04:06      14    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce.tm_.vir
    2007-01-04 04:07      8    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce.t__.vir
    2007-01-08 13:51      1395659    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\Install.dat.vir
    2007-04-24 12:21      9248    --a------    C:\Qoobox\Quarantine\C\temp\0b9\tmpTF.log.vir
    2007-04-29 05:09      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\6_exception.nls.vir
    2007-05-11 16:57      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    2007-06-06 10:35      618496    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
    2007-07-04 03:42      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljklmm.dll.vir
    2007-07-04 03:47      189    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
    2007-07-04 03:50      266336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\awvvv.dll.vir
    2007-07-04 03:50      6369    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vvvwa.bak1.vir
    2007-07-04 03:53      930    --a------    C:\Qoobox\Quarantine\C\temp\iee\tmpZTF.log.vir
    2007-07-04 03:56      14566    --a------    C:\Qoobox\Quarantine\C\bold.log.vir
    2007-07-05 11:20      0    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
    2007-07-05 11:20      20    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
    2007-07-05 11:20      5    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
    2007-07-05 11:20      79872    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\FOPN.sys.vir
    2007-07-05 11:22      3612    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\WinAntiSpyware 2007\Logs\update.log.vir
    2007-07-17 13:41      1310    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NDNET1.reg.cf
    2007-07-17 13:41      1322    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
    2007-07-17 13:41      750    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Runtime.reg.cf
    2007-07-17 13:41      782    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NDnet1.reg.cf
    
    
    Folder PATH listing for volume PRESARIO
    Volume serial number is 18A1-900D
    C:\QOOBOX
    \---Quarantine
        +---C
        |   |   bold.log.vir
        |   |
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Delete the combofix you have and download it again.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  9. stayintheshade

    stayintheshade Thread Starter

    Joined:
    Jul 13, 2007
    Messages:
    5
    I was not having a problem until yesterday,
    attached are the new HijackThis log, and the ComboFix
    will not run, I am also getting random music.
    I need serious help.......thank you
    I feel raped



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:06:54 AM, on 9/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\WINDOWS\svhost.exe
    C:\Program Files\MSN\qubene22011.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Corel\Graphics8\Programs\MFIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\bmyjecox.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://www1.snapfish.com/shareelog...058/l=214639076/g=74607887/otsc=SYE/otsi=SALB
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [qubene] C:\Program Files\MSN\qubene22011.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.3\webbuying.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{18A1900D-086E-1033-1219-030804030001}] "C:\Program Files\Common Files\{18A1900D-086E-1033-1219-030804030001}\Update.exe" te-110-12-0000213
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O20 - AppInit_DLLs: ??
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\bmyjecox.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

    --
    End of file - 9562 bytes
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
Short URL to this thread: https://techguy.org/595274
