WinAntiSpyware 2007 remove


stayintheshade (Thread Starter; joined Jul 13, 2007; 5 messages)
This downloaded on its own, and now I get a small pop-up bubble saying that I should download the program. This has happened before and I was able to fix it, but not on my own.
I have included the log from ComboFix; if I need to post my HJT log, let me know. Please, and thank you for the help.

shade

"Owner" - 2007-07-13 10:46:16 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

ADS removed - system32: deleted 68250 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\mljklmm.dll
C:\WINDOWS\system32\mljklmm.dll
C:\WINDOWS\system32\vvvwa.bak1


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\bold.log
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware2007freeinstall[1].exe
C:\DOCUME~1\Owner\APPLIC~1\Install.dat
C:\Program Files\Common Files\{18A19~1
C:\Program Files\Common Files\{18A19~1\trz2.tmp
C:\Program Files\Common Files\{38A19~1
C:\Program Files\Common Files\{38A19~1\888.dll
C:\Program Files\Common Files\{38A19~1\Uninstall.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\WinSoftware
C:\Program Files\SurfAccuracy
C:\Program Files\SurfAccuracy\SAcc.cfg
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\ksl48.bin
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tm_
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NDNET1
-------\LEGACY_RUNTIME
-------\NDnet1
-------\Runtime


((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
2007-07-06 15:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-05 11:08 81,920 --a------ C:\WINDOWS\system32\winntify.exe
2007-07-04 04:07 <DIR> d-------- C:\Program Files\PestPatrol
2007-07-04 04:00 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-07-04 04:00 <DIR> d-------- C:\KPCMS
2007-07-03 03:50 1,845,324 ---hs---- C:\WINDOWS\system32\ggjlm.bak2
2007-07-02 15:50 6,369 ---hs---- C:\WINDOWS\system32\ggjlm.bak1


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 08:00:16 -------- d-----w C:\Program Files\AIM
2007-07-04 07:57:56 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-03 08:18:46 -------- d-----w C:\Program Files\Kodak
2007-06-03 08:16:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 20:42:35 9,169 ----a-w C:\WINDOWS\system32\lr85.exe
2007-04-27 20:39:51 26,622 ----a-w C:\WINDOWS\system32\lr86.exe
2006-11-04 19:07:57 16,457 ---h--w C:\Program Files\aaaamelk.t
2004-07-22 14:51:34 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58:36 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53:26 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17:16 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13:48 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 13:13:46 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:08:36 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08:34 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03:10 62,976 ----a-w C:\Program Files\DSETUP.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-11-04 19:29 399352 --a------ C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 10:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2005-08-17 10:40 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2005-09-22 17:44 622280 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
2005-08-17 10:40 120312 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 14:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2005-10-04 11:43 682296 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2006-11-06 23:49]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" [2006-11-06 23:49]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2006-11-06 23:49]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 C:\WINDOWS\ltmsg.exe]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2006-11-06 23:49]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2006-11-06 23:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-26 02:17]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-04-02 15:11]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2004-04-02 15:10]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2006-09-08 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-16 16:47]
"WebCamRT.exe"="" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 11:06]
"Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-10-31 16:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu]
C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=??


Contents of the 'Scheduled Tasks' folder
2007-07-11 04:00:00 C:\WINDOWS\tasks\At1.job
2007-07-13 13:00:00 C:\WINDOWS\tasks\At10.job
2007-07-13 14:00:00 C:\WINDOWS\tasks\At11.job
2007-07-12 15:00:00 C:\WINDOWS\tasks\At12.job
2007-07-12 16:00:00 C:\WINDOWS\tasks\At13.job
2007-07-12 17:00:00 C:\WINDOWS\tasks\At14.job
2007-07-12 18:00:00 C:\WINDOWS\tasks\At15.job
2007-07-12 19:00:00 C:\WINDOWS\tasks\At16.job
2007-07-12 20:00:00 C:\WINDOWS\tasks\At17.job
2007-07-12 21:00:00 C:\WINDOWS\tasks\At18.job
2007-07-12 22:00:00 C:\WINDOWS\tasks\At19.job
2007-07-11 05:00:00 C:\WINDOWS\tasks\At2.job
2007-07-12 23:00:00 C:\WINDOWS\tasks\At20.job
2007-07-05 00:00:00 C:\WINDOWS\tasks\At21.job
2007-07-05 01:00:00 C:\WINDOWS\tasks\At22.job
2007-07-05 02:00:00 C:\WINDOWS\tasks\At23.job
2007-07-05 03:00:00 C:\WINDOWS\tasks\At24.job
2007-07-13 06:00:00 C:\WINDOWS\tasks\At3.job
2007-07-13 07:00:00 C:\WINDOWS\tasks\At4.job
2007-07-11 04:00:00 C:\WINDOWS\tasks\At49.job
2007-07-13 08:00:00 C:\WINDOWS\tasks\At5.job
2007-07-11 05:00:00 C:\WINDOWS\tasks\At50.job
2007-07-13 06:00:00 C:\WINDOWS\tasks\At51.job
2007-07-13 07:00:00 C:\WINDOWS\tasks\At52.job
2007-07-13 08:00:00 C:\WINDOWS\tasks\At53.job
2007-07-13 09:00:00 C:\WINDOWS\tasks\At54.job
2007-07-13 10:00:00 C:\WINDOWS\tasks\At55.job
2007-07-13 11:00:00 C:\WINDOWS\tasks\At56.job
2007-07-13 12:00:00 C:\WINDOWS\tasks\At57.job
2007-07-13 13:00:00 C:\WINDOWS\tasks\At58.job
2007-07-13 14:00:00 C:\WINDOWS\tasks\At59.job
2007-07-13 09:00:00 C:\WINDOWS\tasks\At6.job
2007-07-12 15:00:00 C:\WINDOWS\tasks\At60.job
2007-07-12 16:00:00 C:\WINDOWS\tasks\At61.job
2007-07-12 17:00:00 C:\WINDOWS\tasks\At62.job
2007-07-12 18:00:00 C:\WINDOWS\tasks\At63.job
2007-07-12 19:00:00 C:\WINDOWS\tasks\At64.job
2007-07-12 20:00:00 C:\WINDOWS\tasks\At65.job
2007-07-12 21:00:00 C:\WINDOWS\tasks\At66.job
2007-07-12 22:00:00 C:\WINDOWS\tasks\At67.job
2007-07-12 23:00:00 C:\WINDOWS\tasks\At68.job
2007-07-05 00:00:01 C:\WINDOWS\tasks\At69.job
2007-07-13 10:00:00 C:\WINDOWS\tasks\At7.job
2007-07-05 01:00:00 C:\WINDOWS\tasks\At70.job
2007-07-05 02:00:00 C:\WINDOWS\tasks\At71.job
2007-07-05 03:00:00 C:\WINDOWS\tasks\At72.job
2007-07-13 11:00:00 C:\WINDOWS\tasks\At8.job
2007-07-13 12:00:00 C:\WINDOWS\tasks\At9.job
2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
2005-07-01 23:49:07 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 10:55:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 11:00:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-13 10:59

--- E O F ---
 

cybertech (Retired Moderator; joined Apr 16, 2002; 72,115 messages)
Hi, Welcome to TSG!!


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Delete your current version of ComboFix and download it again from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

stayintheshade (Thread Starter; joined Jul 13, 2007; 5 messages)
Thank you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:06 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\regscan.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\winntify.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Owner\My Documents\My Pictures\HIJACKTHIS\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://www1.snapfish.com/shareelog...058/l=214639076/g=74607887/otsc=SYE/otsi=SALB
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O20 - AppInit_DLLs: ??
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 9982 bytes
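The log above is the kind of thing a helper reads by eye: which entry types are load points, which reference a file that no longer exists, which Run keys fire under the SYSTEM account. The block below is an added example, not code from the thread, from HijackThis or from Trend Micro: a small parser for HijackThis v2 entry lines with the triage heuristics a helper applies before deciding what to fix. The sample lines are copied from the log above and embedded inline; the flag names are this example's own invention. The flags are triage signals, not verdicts: the UMWdf service line gets flagged only because HijackThis found no vendor name and the file is absent, which is not by itself evidence of infection.

```python
"""Parse HijackThis v2 log entries and flag load points worth a second look.

Added example; not part of HijackThis. Heuristics only, not verdicts.
"""
import re
from dataclasses import dataclass, field

# One HijackThis entry line, e.g.  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str                                 # R0 / R1 / O2 / O4 / O20 / O23 ...
    body: str                                 # everything after "Oxx - "
    flags: list = field(default_factory=list)  # triage flags, filled in by triage()


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry records (other lines ignored)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Attach heuristic flags and return only the entries that received at least one."""
    for e in entries:
        low = e.body.lower()
        if "(file missing)" in low:
            e.flags.append("file-missing")         # dangling load point
        if e.kind == "O20":
            e.flags.append("o20-loadpoint")        # AppInit_DLLs / Winlogon Notify
        if e.kind == "O4":
            if "s-1-5-18" in low:
                e.flags.append("system-hive-run")  # Run key under the SYSTEM account
            if re.search(r"\\windows\\system32\\[^\\]+\.exe", low):
                e.flags.append("run-from-system32")  # unusual home for a user-facing program
        if e.kind == "O23" and "unknown owner" in low:
            e.flags.append("no-vendor")            # HJT found no company name on the service binary
    return [e for e in entries if e.flags]


# Sample lines copied from the HijackThis log posted in this thread (constructed excerpt).
SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O20 - AppInit_DLLs: ??
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
"""


def flagged_sample():
    """Parse and triage the embedded sample; five of the seven lines get a flag."""
    return triage(parse_hjt(SAMPLE))


if __name__ == "__main__":
    for e in flagged_sample():
        print(e.kind, ",".join(e.flags), "-", e.body)
```

Run it on a full log by passing the saved logfile's text to parse_hjt() instead of SAMPLE; anything it flags still needs the same judgement the moderators apply here, which is why the thread says not to let HijackThis fix entries on its own.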
 

stayintheshade (Thread Starter; joined Jul 13, 2007; 5 messages)
This is the new ComboFix log.

"Owner" - 2007-07-14 13:32:51 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-13 22:38 0 --a------ C:\temp\svcipa.exe
2007-07-13 22:38 0 --a------ C:\svcipa.exe
2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
2007-07-06 15:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-05 11:08 81,920 --a------ C:\WINDOWS\system32\winntify.exe
2007-07-04 04:07 <DIR> d-------- C:\Program Files\PestPatrol
2007-07-04 04:00 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-07-04 04:00 <DIR> d-------- C:\KPCMS
2007-07-03 03:50 1,845,324 ---hs---- C:\WINDOWS\system32\ggjlm.bak2
2007-07-02 15:50 6,369 ---hs---- C:\WINDOWS\system32\ggjlm.bak1


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 08:00:16 -------- d-----w C:\Program Files\AIM
2007-07-04 07:57:56 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-03 08:18:46 -------- d-----w C:\Program Files\Kodak
2007-06-03 08:16:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 20:42:35 9,169 ----a-w C:\WINDOWS\system32\lr85.exe
2007-04-27 20:39:51 26,622 ----a-w C:\WINDOWS\system32\lr86.exe
2006-11-04 19:07:57 16,457 ---h--w C:\Program Files\aaaamelk.t
2004-07-22 14:51:34 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58:36 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53:26 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17:16 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13:48 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 13:13:46 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:08:36 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08:34 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03:10 62,976 ----a-w C:\Program Files\DSETUP.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-11-04 19:29 399352 --a------ C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 10:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2005-08-17 10:40 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2005-09-22 17:44 622280 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
2005-08-17 10:40 120312 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-08-02 14:41 524288 --a------ C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2005-10-04 11:43 682296 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2006-11-06 23:49]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" [2006-11-06 23:49]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2006-11-06 23:49]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 C:\WINDOWS\ltmsg.exe]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2006-11-06 23:49]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2006-11-06 23:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-26 02:17]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-04-02 15:11]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2004-04-02 15:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-16 16:47]
"WebCamRT.exe"="" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 11:06]
"Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-10-31 16:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu]
C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=??


Contents of the 'Scheduled Tasks' folder
2007-07-14 04:00:00 C:\WINDOWS\tasks\At1.job
2007-07-13 13:00:00 C:\WINDOWS\tasks\At10.job
2007-07-13 14:00:00 C:\WINDOWS\tasks\At11.job
2007-07-13 15:00:01 C:\WINDOWS\tasks\At12.job
2007-07-14 16:00:00 C:\WINDOWS\tasks\At13.job
2007-07-14 17:00:00 C:\WINDOWS\tasks\At14.job
2007-07-13 18:00:00 C:\WINDOWS\tasks\At15.job
2007-07-13 19:00:00 C:\WINDOWS\tasks\At16.job
2007-07-13 20:00:00 C:\WINDOWS\tasks\At17.job
2007-07-13 21:00:00 C:\WINDOWS\tasks\At18.job
2007-07-13 22:00:00 C:\WINDOWS\tasks\At19.job
2007-07-14 05:00:00 C:\WINDOWS\tasks\At2.job
2007-07-13 23:00:00 C:\WINDOWS\tasks\At20.job
2007-07-14 00:00:00 C:\WINDOWS\tasks\At21.job
2007-07-14 01:00:00 C:\WINDOWS\tasks\At22.job
2007-07-14 02:00:00 C:\WINDOWS\tasks\At23.job
2007-07-14 03:00:00 C:\WINDOWS\tasks\At24.job
2007-07-14 06:00:00 C:\WINDOWS\tasks\At3.job
2007-07-13 07:00:00 C:\WINDOWS\tasks\At4.job
2007-07-14 04:00:00 C:\WINDOWS\tasks\At49.job
2007-07-13 08:00:00 C:\WINDOWS\tasks\At5.job
2007-07-14 05:00:00 C:\WINDOWS\tasks\At50.job
2007-07-14 06:00:00 C:\WINDOWS\tasks\At51.job
2007-07-13 07:00:00 C:\WINDOWS\tasks\At52.job
2007-07-13 08:00:00 C:\WINDOWS\tasks\At53.job
2007-07-13 09:00:00 C:\WINDOWS\tasks\At54.job
2007-07-13 10:00:00 C:\WINDOWS\tasks\At55.job
2007-07-13 11:00:00 C:\WINDOWS\tasks\At56.job
2007-07-13 12:00:00 C:\WINDOWS\tasks\At57.job
2007-07-13 13:00:00 C:\WINDOWS\tasks\At58.job
2007-07-13 14:00:00 C:\WINDOWS\tasks\At59.job
2007-07-13 09:00:00 C:\WINDOWS\tasks\At6.job
2007-07-13 15:00:01 C:\WINDOWS\tasks\At60.job
2007-07-14 16:00:01 C:\WINDOWS\tasks\At61.job
2007-07-14 17:00:00 C:\WINDOWS\tasks\At62.job
2007-07-13 18:00:00 C:\WINDOWS\tasks\At63.job
2007-07-13 19:00:00 C:\WINDOWS\tasks\At64.job
2007-07-13 20:00:00 C:\WINDOWS\tasks\At65.job
2007-07-13 21:00:00 C:\WINDOWS\tasks\At66.job
2007-07-13 22:00:00 C:\WINDOWS\tasks\At67.job
2007-07-13 23:00:00 C:\WINDOWS\tasks\At68.job
2007-07-14 00:00:00 C:\WINDOWS\tasks\At69.job
2007-07-13 10:00:00 C:\WINDOWS\tasks\At7.job
2007-07-14 01:00:00 C:\WINDOWS\tasks\At70.job
2007-07-14 02:00:00 C:\WINDOWS\tasks\At71.job
2007-07-14 03:00:00 C:\WINDOWS\tasks\At72.job
2007-07-13 11:00:00 C:\WINDOWS\tasks\At8.job
2007-07-13 12:00:00 C:\WINDOWS\tasks\At9.job
2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
2005-07-01 23:49:07 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 13:37:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 13:38:06
C:\ComboFix-quarantined-files.txt ... 2007-07-14 13:37
C:\ComboFix2.txt ... 2007-07-13 11:00

--- E O F ---
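Two ComboFix runs a day apart are most useful side by side: the second "Files Created" section shows what appeared since the first run (here the two zero-byte svcipa.exe files dated 2007-07-13 22:38), and the "Scheduled Tasks" section carries the same run of At1.job through At72.job in both. The block below is an added example, not code from the thread or from ComboFix: it slices a ComboFix log on its banner lines, diffs the "Files Created" section of two runs, and lists the At<N>.job entries. The two embedded logs are constructed excerpts of the logs posted in this thread, trimmed to a few lines each; the section names used as dictionary keys are this example's own.

```python
"""Compare two ComboFix logs: paths new in the later run, and At<N>.job entries.

Added example; not part of ComboFix. The sample logs are short excerpts constructed
from the logs posted in this thread.
"""
import re

# Banner lines such as  ((((( Files Created from 2007-06-13 to 2007-07-13 )))))
SECTION_RE = re.compile(r"^\(+ (?P<name>[^)]+?) \)+$")
# "2007-07-13 22:38 0 --a------ C:\temp\svcipa.exe"  or  "... <DIR> d-------- C:\Program Files\..."
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+)$")
# "2007-07-14 04:00:00 C:\WINDOWS\tasks\At1.job"
TASK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+.+\\tasks\\(?P<name>.+)$", re.I)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)


def sections(text):
    """Split a ComboFix log into {section_name: [non-empty lines]}."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").lower()
            # the date range in the banner changes per run; normalise it away
            current = "files_created" if name.startswith("files created") else name
            out.setdefault(current, [])
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            current = "scheduled_tasks"
            out.setdefault(current, [])
            continue
        if line.startswith("****") or line.startswith("Completion time"):
            current = None          # the catchme banner / trailer ends the main body
            continue
        if current and line:
            out[current].append(line)
    return out


def files_created(text):
    """Paths listed in the 'Files Created' section, in log order."""
    paths = []
    for line in sections(text).get("files_created", []):
        m = FILE_RE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def new_since(earlier, later):
    """Paths present in the later run's 'Files Created' section but not in the earlier one."""
    seen = set(files_created(earlier))
    return [p for p in files_created(later) if p not in seen]


def at_jobs(text):
    """Names of At<N>.job entries in the 'Scheduled Tasks' section."""
    names = []
    for line in sections(text).get("scheduled_tasks", []):
        m = TASK_RE.match(line)
        if m and AT_JOB_RE.match(m.group("name")):
            names.append(m.group("name"))
    return names


# Constructed excerpt of the first ComboFix log in this thread (2007-07-13).
RUN1 = r"""
"Owner" - 2007-07-13 10:46:16 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))

2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

Contents of the 'Scheduled Tasks' folder
2007-07-11 04:00:00 C:\WINDOWS\tasks\At1.job
2007-07-11 05:00:00 C:\WINDOWS\tasks\At2.job
2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job

**************************************************************************
"""

# Constructed excerpt of the second ComboFix log in this thread (2007-07-14).
RUN2 = r"""
"Owner" - 2007-07-14 13:32:51 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))

2007-07-13 22:38 0 --a------ C:\temp\svcipa.exe
2007-07-13 22:38 0 --a------ C:\svcipa.exe
2007-07-13 10:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 03:18 393,224 --a------ C:\sysvzxn.exe
2007-07-13 10:28 <DIR> d-------- C:\Program Files\Enigma Software Group

Contents of the 'Scheduled Tasks' folder
2007-07-14 04:00:00 C:\WINDOWS\tasks\At1.job
2007-07-14 05:00:00 C:\WINDOWS\tasks\At2.job
2007-07-14 06:00:00 C:\WINDOWS\tasks\At3.job
2007-04-02 07:58:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job

**************************************************************************
"""

if __name__ == "__main__":
    print("new since first run:", new_since(RUN1, RUN2))
    print("At*.job entries:", at_jobs(RUN2))
```

With the full logs pasted in place of the excerpts, new_since() returns only the two svcipa.exe paths and at_jobs() returns all of At1.job through At72.job; the At jobs are listed by name only, since ComboFix records the job file and its next run time but not the command each job executes.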
 

stayintheshade (Thread Starter; joined Jul 13, 2007; 5 messages)
Sorry I didn't post this last time; I am learning. Thanks again.

Code:
2005-09-05 14:47      217526    --a------    C:\Qoobox\Quarantine\C\Program Files\SurfAccuracy\SAcc.cfg.vir
2006-11-04 15:32      6    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ksl48.bin.vir
2006-12-07 20:23      147456    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
2007-01-04 04:06      14    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce.tm_.vir
2007-01-04 04:07      8    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce.t__.vir
2007-01-08 13:51      1395659    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\Install.dat.vir
2007-04-24 12:21      9248    --a------    C:\Qoobox\Quarantine\C\temp\0b9\tmpTF.log.vir
2007-04-29 05:09      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\6_exception.nls.vir
2007-05-11 16:57      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-06-06 10:35      618496    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
2007-07-04 03:42      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljklmm.dll.vir
2007-07-04 03:47      189    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-07-04 03:50      266336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\awvvv.dll.vir
2007-07-04 03:50      6369    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vvvwa.bak1.vir
2007-07-04 03:53      930    --a------    C:\Qoobox\Quarantine\C\temp\iee\tmpZTF.log.vir
2007-07-04 03:56      14566    --a------    C:\Qoobox\Quarantine\C\bold.log.vir
2007-07-05 11:20      0    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-07-05 11:20      20    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
2007-07-05 11:20      5    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
2007-07-05 11:20      79872    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\FOPN.sys.vir
2007-07-05 11:22      3612    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\WinAntiSpyware 2007\Logs\update.log.vir
2007-07-17 13:41      1310    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NDNET1.reg.cf
2007-07-17 13:41      1322    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-07-17 13:41      750    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Runtime.reg.cf
2007-07-17 13:41      782    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NDnet1.reg.cf


Folder PATH listing for volume PRESARIO
Volume serial number is 18A1-900D
C:\QOOBOX
\---Quarantine
    +---C
    |   |   bold.log.vir
    |   |
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Delete the combofix you have and download it again.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

stayintheshade

Thread Starter
Joined
Jul 13, 2007
Messages
5
I was not having a problem until yesterday.
Attached are the new HijackThis log, and ComboFix
will not run. I am also getting random music.
I need serious help... thank you.
I feel raped.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:54 AM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\svhost.exe
C:\Program Files\MSN\qubene22011.exe
C:\WINDOWS\retadpu1000106.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\bmyjecox.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://www1.snapfish.com/shareelog...058/l=214639076/g=74607887/otsc=SYE/otsi=SALB
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [qubene] C:\Program Files\MSN\qubene22011.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.3\webbuying.exe
O4 - HKCU\..\Policies\Explorer\Run: [{18A1900D-086E-1033-1219-030804030001}] "C:\Program Files\Common Files\{18A1900D-086E-1033-1219-030804030001}\Update.exe" te-110-12-0000213
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O20 - AppInit_DLLs: ??
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\bmyjecox.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 9562 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 