
WinAntiVirus 2007 Pop Up Help

Discussion in 'Virus & Other Malware Removal' started by nzskier800, Sep 5, 2007.

  1. nzskier800 (Thread Starter)
    I have a very annoying problem called WinAntiVirus 2007 Pro. It is not installed as a program but is installed somewhere on my computer to give me constant pop-ups telling me to buy and download the software. Please help, it is very irritating. Also it has a process that sits on the taskbar and pops up a balloon message telling me to buy the software too. Please help. Here is a HJT log file, if this helps.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:10 PM, on 9/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\ikkgjscb.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SkyE2A\SkyE2A.exe
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\WinAvXX.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SkyE] C:\Program Files\SkyE2A\SkyE2A.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\mouseElf.exe
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [DesktopMechanic] C:\Program Files\Desktop Mechanic\deskmech.exe /QS
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - Startup: system.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.ashtonmitchell.co.nz/qp2.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
    O20 - AppInit_DLLs: ASAPHook
    O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
    O20 - Winlogon Notify: hggghee - hggghee.dll (file missing)
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll (file missing)
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\ikkgjscb.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 10402 bytes
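A triage pass over a HijackThis v2 log like the one above, as an added example (not part of the thread and not HijackThis' own code): it parses the section prefix of each result line (R1, F2, O4, O7, O20, O23) and applies heuristics for the patterns the moderator later removed, such as the program chained onto `Shell=`, bare executables in the Startup folders, random-named Winlogon Notify DLLs and the publisher-less service. The sample lines are copied from the posted log; the system32 allow-list, the severity levels and the name pattern for "random-looking" DLLs are constructed assumptions, not HijackThis rules.

```python
import re

# Constructed sample input: a subset of the HijackThis log posted in this
# thread, used as test data for the triage rules below.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: hggghee - hggghee.dll (file missing)
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ikkgjscb.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# "Service: <name> - <publisher> - <path>"; an empty publisher shows up as "- -".
SERVICE_RE = re.compile(r"^Service: (.+?) - (.*?) ?- (.+)$")
SYSTEM32_RUN_RE = re.compile(r'\\system32\\([^\\\s"]+)$', re.I)

# Constructed allow-list (assumption): programs under system32 that XP
# legitimately autostarts from a Run key. Anything else there gets a second look.
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis result line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Apply per-section heuristics; return (severity, section, reason, line) tuples."""
    findings = []
    for section, body in parse_hjt(text):
        low = body.lower()
        if section == "R1" and "autoconfigurl" in low:
            # A PAC file steers all of IE's traffic; confirm which installed
            # product owns it before treating it as hostile.
            findings.append(("INFO", section, "proxy auto-config URL is set", body))
        elif section == "F2" and "shell=" in low:
            # system.ini Shell= must be exactly Explorer.exe; anything appended
            # is launched alongside the shell at every logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("HIGH", section, "extra program chained onto Shell=", body))
        elif section == "O4" and re.match(r"(global )?startup: ", low):
            # Startup folders normally hold .lnk shortcuts ("name.lnk = target");
            # a bare .exe dropped there is a classic persistence location.
            target = body.split(": ", 1)[1]
            if "=" not in target and target.lower().endswith(".exe"):
                findings.append(("HIGH", section, "bare executable in a Startup folder", body))
        elif section == "O4":
            m = SYSTEM32_RUN_RE.search(body)
            if m and m.group(1).lower() not in KNOWN_SYSTEM32_AUTOSTART:
                findings.append(("MEDIUM", section, "non-allow-listed system32 program in a Run key", body))
        elif section == "O7" and "disableregedit=1" in low:
            findings.append(("HIGH", section, "Registry Editor disabled by policy", body))
        elif section == "O20" and low.startswith("winlogon notify: "):
            name, _, path = body[len("Winlogon Notify: "):].partition(" - ")
            missing = "(file missing)" in low
            in_system32 = "\\system32\\" in low or "\\" not in path
            random_looking = re.fullmatch(r"[a-z]{5,8}", name) is not None
            # A missing Notify DLL under Program Files is usually an uninstall
            # leftover; a missing or random-named one in system32 matches the
            # entries the moderator removed in this thread.
            if random_looking or (missing and in_system32):
                findings.append(("HIGH", section, "suspicious Winlogon Notify package", body))
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group(2).strip() in ("", "Unknown owner"):
                sev = "HIGH" if "\\system32\\" in m.group(3).lower() else "MEDIUM"
                findings.append((sev, section, "service with no/unknown publisher", body))
    return findings


def flagged_lines(text, min_severity="MEDIUM"):
    """The raw log lines at or above a severity, ready to paste into a reply."""
    order = {"INFO": 0, "MEDIUM": 1, "HIGH": 2}
    return [line for sev, _, _, line in triage(text) if order[sev] >= order[min_severity]]


if __name__ == "__main__":
    for sev, section, reason, line in triage(SAMPLE_LOG):
        print(f"{sev:6} {section:4} {reason}\n       {line}")
```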
     
  2. dvk01 (Moderator, Malware Specialist; first name Derek)
    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  3. nzskier800 (Thread Starter)
    ComboFix 07-08-30.3 - "Owner" 2007-09-06 18:02:34.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.379 [GMT 12:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\system.exe
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
    C:\DOCUME~1\Owner\APPLIC~1\macromedia\Flash Player\#SharedObjects\H398VGXC\www.broadcaster.com
    C:\DOCUME~1\Owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\Owner\Desktop\internet explorer.lnk
    C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\system.exe
    C:\Program Files\install provider
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\acbeg.bak1
    C:\WINDOWS\system32\acbeg.bak2
    C:\WINDOWS\system32\acbeg.ini
    C:\WINDOWS\system32\almnuxhj.exe
    C:\WINDOWS\system32\ifnsydvq.dll
    C:\WINDOWS\system32\ikkgjscb.exe
    C:\WINDOWS\system32\jodqvxfe.dll
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\rfjgwisp.dll
    C:\WINDOWS\system32\uvvhxdji.exe
    C:\WINDOWS\system32\WinAvXX.exe
    C:\WINDOWS\system32\xwxikygs.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))


    2007-09-06 18:01 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-09-05 22:33 <DIR> d-------- C:\VundoFix Backups
    2007-09-05 22:12 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-05 20:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Joost
    2007-09-05 20:33 <DIR> d-------- C:\Program Files\Joost
    2007-09-04 22:19 <DIR> d-------- C:\Program Files\GetData
    2007-09-04 20:40 <DIR> d-------- C:\Program Files\File Recover
    2007-09-02 20:47 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-09-02 19:23 <DIR> d-------- C:\Program Files\NoAdware5.0
    2007-09-02 18:57 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Desktop Mechanic
    2007-09-02 18:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Spam Monitor
    2007-09-02 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-09-02 15:19 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-09-02 10:18 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
    2007-09-02 10:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-09-02 10:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
    2007-09-02 09:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
    2007-08-30 18:56 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-30 18:56 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-30 18:56 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-30 18:56 38,728 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-30 18:56 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-30 18:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
    2007-08-30 17:59 <DIR> d-------- C:\WINDOWS\pss
    2007-08-28 17:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
    2007-08-27 16:46 51,206 --a------ C:\DOCUME~1\Owner\APPLIC~1\spoolsvc.dll
    2007-08-27 16:46 39,424 --a------ C:\WINDOWS\system32\vtr.dll
    2007-08-16 14:00 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-08-12 19:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SpinTop
    2007-08-12 17:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-08-12 17:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-08-12 17:56 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-08-12 17:56 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-08-12 17:56 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-08-12 17:56 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-08-12 17:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-08-12 17:56 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-08-12 17:56 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-12 17:56 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-12 17:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-08-12 17:56 <DIR> d-------- C:\Program Files\HP
    2007-08-12 17:55 110,410 --a------ C:\WINDOWS\hpoins11.dat
    2007-08-12 17:54 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
    2007-08-12 17:54 6,947 --a------ C:\WINDOWS\hpomdl11.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-05 22:35 --------- d-------- C:\Program Files\Common Files\Mediafour
    2007-09-05 22:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-05 08:06 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-31 10:45 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-30 19:49 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
    2007-08-30 18:23 --------- d-------- C:\Program Files\Common Files\Real
    2007-08-30 18:19 --------- d-------- C:\Program Files\BitComet
    2007-08-30 18:12 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-28 19:33 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 22:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-08 20:43 660 --a------ C:\WINDOWS\sfsddfkfj.exe
    2006-12-23 21:23 774144 --a------ C:\Program Files\RngInterstitial.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 00:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 00:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 00:00]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 23:20 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 06:40]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 06:38]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 21:10]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43]
    "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 06:12]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 16:17]
    "NWEReboot"="" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
    "SkyE"="C:\Program Files\SkyE2A\SkyE2A.exe" [2006-06-15 16:45]
    "mouseElf"="C:\PROGRA~1\TWINTO~1\mouseElf.exe" [2004-06-10 10:01]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-03-13 02:34]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2005-03-13 02:36]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2005-03-13 02:33]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 18:34]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-06-26 14:53]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-07-19 19:28]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebca]
    C:\WINDOWS\system32\gebca.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggghee]
    hggghee.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2004-11-10 12:19 38912 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=ASAPHook

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance
    R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
    S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
    S3 usbaucmd;usbaucmd;C:\WINDOWS\system32\drivers\usbaucmd.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASChannel


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc16c68-8fa4-11db-bcd4-0012f0b2c579}]
    AutoRun\command- F:\setupSNK.exe


    Contents of the 'Scheduled Tasks' folder
    2007-09-04 06:00:00 C:\WINDOWS\Tasks\Pareto UNS.job - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-06 18:05:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?4?5??????? ?4?B?????????????hLC? ??????
    SkyE = C:\Program Files\SkyE2A\SkyE2A.exe?????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-06 18:06:57 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-06 18:06

    --- E O F ---
     
  4. dvk01 (Moderator, Malware Specialist)

    That fixed a lot, but there is still more to do.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Processes group click Non-Microsoft
      • In the Win32 Services group click Non-Microsoft
      • In the Driver Services group click Non-Microsoft
      • In the Registry group click ALL
      • In the Files Created Within group click 30 days Make sure Non-Microsoft only is CHECKED
      • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is CHECKED
      • In the File String Search group select ALL
      • In the Additional scans section please press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only.
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.
     
  5. nzskier800 (Thread Starter)
    (y) Here it is
     

    Attached Files:

  6. dvk01 (Moderator, Malware Specialist)
    Start WinPFind3U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    Code:
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - All]
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> gebca -> %System32%\gebca.dll
    YN -> hggghee -> hggghee.dll
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
    [Files/Folders - Created Within 30 days]
    NY -> hadjajr.ini -> %System32%\hadjajr.ini
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
    
    
    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    When it reboots, post the following back here:

    the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  7. nzskier800 (Thread Starter)
    Explorer killed successfully
    [Registry - All]
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebca deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggghee deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\hadjajr.ini moved successfully.
    [Empty Temp Folders]
    C:\DOCUME~1\Owner\LOCALS~1\Temp\ -> emptied.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
    RecycleBin -> emptied.
    Explorer started successfully
    < End of log >
    Created on 09/08/2007 13:11:01
     
  8. dvk01 (Moderator, Malware Specialist)

    It should be clear now, but to double-check:

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Download Free Trial link to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory Objects
      • Sweep Windows Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.
     
Short URL to this thread: https://techguy.org/619865