# Solved: Winpop virus and IE window popups



## mac-mac (Aug 3, 2007)

Hi Guys,
My computer was working fine until about a week ago. Something happened while I was browsing online and all of a sudden my computer slowed down dramatically. I also started getting IE windows popping up everywhere. I checked some technical forums and checked my installed programs, where I found winpop.exe. I also checked the task manager for running processes and I could see the winpop.exe process running. So I uninstalled that program and it stopped showing up in the processes in task manager. However, this did not stop the IE window pop-ups. In fact, since then my computer has slowed down drastically and I still get the IE window pop-ups. In addition to that, for the last 2 days my task manager has been locked. Every few minutes I get a pop-up message saying "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience". It has two tabs, Debug and Close. When I click on Close all my open IE windows are closed. I found a thread on this forum just last month, on 2nd July, for the Winpop virus. I tried to reply to the same thread with my problem, however it said I did not have enough access, so I am starting a new thread. Please help me clean this? I can hardly do anything with it. Thanks for the help guys.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:20 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\TEMP\win14D.tmp.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zbdrbswu\ghtdfuse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pr...11089420950000000114007536298&version=g_4.4.2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [{97-71-1F-FF-ZN}] C:\windows\system32\psdsregk.exe SKY009
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\swintqdt.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win14D.tmp.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [ghtdfuse] C:\Program Files\Zbdrbswu\ghtdfuse.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\omdfoawc.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\CROSOF~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Eooddf] C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\swintqdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://stlo-wsmtqc/sabin/Spider90.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWU\command.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V6 - MILAN (IBMWAS6Service - MILAN) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://media1.santabanta.com/full1/global celebrities(f)/kate hudson/kat1v.jpg
O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html

--
End of file - 15468 bytes
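
The autostart (O4) lines in the log above are where most of this infection shows itself: files in C:\WINDOWS rather than system32 carrying system-process names (csrss.exe, userinit.exe, wuauclt.exe), a svhost.exe one letter off svchost.exe, a loader in C:\WINDOWS\TEMP, directories and files with random names, and Run values written under the LOCAL SERVICE and NETWORK SERVICE hives. The script below is an added example, not part of mac-mac's post and not code from HijackThis or Trend Micro: it parses O4 lines and applies those observations as heuristic rules. The rule thresholds, the list of binaries that belong only in system32 and the look-alike table are assumptions made for this illustration; the sample lines are copied from the posted log.

```python
"""Triage the O4 (autostart) lines of a HijackThis 2.0.x log.

Added example, not code from the post or from HijackThis. The rules are
heuristics tuned to the entries in the posted log (thresholds and the
system32-only list are assumptions); they flag lines for review, nothing more.
"""
import re

# Core XP binaries that run only from %SystemRoot%\system32 (assumption: XP list).
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "userinit.exe", "wuauclt.exe", "spoolsv.exe"}
LOOKALIKES = {"svhost.exe": "svchost.exe", "poolsv.exe": "spoolsv.exe"}  # near-miss names
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}  # no installer writes Run values here

REG_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\(?P<sid>S-[\d-]+))?)\\\.\.\\Run: "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LNK_O4 = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$")
RUNDLL = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+?\.dll)"?\s*,', re.I)
EXE = re.compile(r'"?(?P<p>[^"]+?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif))(?:"|\s|$)', re.I)

def first_path(cmd):
    """Executable named by a Run value (values are shown as stored, often unquoted)."""
    m = EXE.match(cmd)
    return m.group("p") if m else cmd.strip('"').split(" ")[0]

def looks_random(word):
    """Machine-generated look: 8+ letters with few vowels or a long consonant run."""
    s = word.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in s)
    longest = max((len(r) for r in re.findall(r"[^aeiouy]+", s)), default=0)
    return vowels / len(s) < 0.25 or longest >= 5

def assess(path):
    """Heuristic findings for one executable or DLL path (empty = nothing odd)."""
    parts = path.replace("/", "\\").lower().split("\\")
    name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    stem = name.rsplit(".", 1)[0]
    findings = []
    if len(parts) == 1:
        findings.append("bare file name, located through the search path")
    if name in SYSTEM32_ONLY and "\\".join(parts[:-1]) != r"c:\windows\system32":
        findings.append(f"{name} is a system binary name but is not in system32")
    if name in LOOKALIKES:
        findings.append(f"{name} resembles {LOOKALIKES[name]}")
    if parts[:2] == ["c:", "windows"] and len(parts) == 3:
        findings.append("file sits directly in the Windows directory")
    if "temp" in parts[:-1]:
        findings.append("runs from a TEMP directory")
    if "?" in path:
        findings.append("path has a character HijackThis could not print")
    for label, part in (("file name", stem), ("directory name", parent)):
        if looks_random(part):
            findings.append(f"random-looking {label} '{part}'")
        elif re.search(r"[a-z]\d+[a-z]", part):
            findings.append(f"digits mixed into {label} '{part}'")
    return findings

def triage(log_text):
    """Map (hive, entry name) of every O4 line to its list of findings."""
    report = {}
    for line in log_text.splitlines():
        m = REG_O4.match(line) or LNK_O4.match(line)
        if not m:
            continue
        cmd, sid = m.group("cmd").strip(), m.groupdict().get("sid")
        findings = [f"Run value under service-account hive {sid}"] if sid in SERVICE_SIDS else []
        dll = RUNDLL.match(cmd)
        if cmd == "?":
            findings.append("shortcut target not shown; open the .lnk by hand")
        elif dll:
            findings += [f"rundll32 target: {f}" for f in assess(dll.group("dll"))]
        else:
            findings += assess(first_path(cmd))
        report[(m.group("hive"), m.group("name"))] = findings
    return report

# Lines copied from the HijackThis log posted above (clean and bad mixed).
SAMPLE = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win14D.tmp.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init
O4 - HKLM\..\Run: [ghtdfuse] C:\Program Files\Zbdrbswu\ghtdfuse.exe
O4 - HKCU\..\Run: [Eooddf] C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

if __name__ == "__main__":
    for (hive, name), findings in triage(SAMPLE).items():
        print(f"{hive} [{name}]: {'; '.join(findings) or 'nothing odd'}")
```

Run it directly to print the report for the sample, or pass a whole log to triage(). Two things the output makes plain: the name rule raises tfswctrl.exe under [dla] (a Sonic DLA component) as a false positive simply because its name has no vowels, and nothing here flags [System] kernelwind32.exe, whose name was chosen to pass exactly this kind of check. Treat the flags as a reading aid and confirm each file's publisher and location, which is what the replies in this thread do by hand.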


----------



## MFDnNC (Sep 7, 2004)

A mess!

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. *Beware it is NOT supported for use in 9x or ME and probably will not install on those systems*

*Upgrading Java*: 

Download the latest version of *Java Runtime Environment (JRE) 6u2*.
Scroll down to where it says "*The J2SE Runtime Environment (JRE) allows end-users to run Java applications*".
Click the "*Download*" button to the right.
Check the box that says: "*Accept License Agreement*".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
=================

*NOTE: If you have downloaded ComboFix previously please delete that version and download it again!*

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: 
Do not mouseclick ComboFix's window while it's running. That may cause it to stall
=============

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me *with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## mac-mac (Aug 3, 2007)

Thanks for your quick response! I did all the procedures you mentioned. Here are the log files after I ran ComboFix followed by HijackThis: ComboFix log file, ComboFix quarantined files, HijackThis log:

ComboFix.log------

ComboFix 07-08-03.4 - "Me" 2007-08-02 21:33:26.1 [GMT -5:00] - NTFS 
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\LOCALS~1\APPLIC~1\install.dat
C:\DOCUME~1\Me\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Me\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Me\APPLIC~1\..\err.log>>d-delA.cf
C:\DOCUME~1\Me\APPLIC~1\.rdr.ini
C:\DOCUME~1\Me\APPLIC~1\install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\.rdr.ini
C:\DOCUME~1\NETWOR~1\APPLIC~1\install.dat
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\TTC.dll
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\csrss.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\ajesfhsd.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\aumijrgt.exe
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\bapwpidj.exe
C:\WINDOWS\system32\bibcdeug.exe
C:\WINDOWS\system32\cbkuthpm.exe
C:\WINDOWS\SYSTEM32\cfhjl.ini2
C:\WINDOWS\SYSTEM32\cfhjl.tmp
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\deebuwio.exe
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\eqjshncl.exe
C:\WINDOWS\system32\gnojtyjw.exe
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\L1
C:\WINDOWS\system32\L1\mwspasrt83122.exe
C:\WINDOWS\system32\L11
C:\WINDOWS\system32\L11\z553.exe
C:\WINDOWS\system32\L3
C:\WINDOWS\system32\L3\wr716.exe
C:\WINDOWS\system32\L5
C:\WINDOWS\system32\L5\tns2.exe
C:\WINDOWS\system32\L7
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\ljhfc.dll
C:\WINDOWS\system32\ljjjhgf.dll
C:\WINDOWS\system32\mdclinfe.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pjqynniu.exe
C:\WINDOWS\system32\pmnmjig.dll
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\ssembl~1\userinit.exe
C:\WINDOWS\system32\tlldfyve.dll
C:\WINDOWS\system32\tlneofkh.exe
C:\WINDOWS\system32\ukifcjai.exe
C:\WINDOWS\system32\urqqrpp.dll
C:\WINDOWS\system32\vycsxkbe.exe
C:\WINDOWS\system32\wapisvsu.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winfcm32.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\yhcqvaob.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\TWU\asappsrv.dll
C:\WINDOWS\uninst2.htm
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\unist1.htm
C:\WINDOWS\wr.txt
C:\winstall.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\ApiMon
-------\cmdService
-------\core
-------\fopn
-------\Net Agent
-------\Network Monitor

((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))

2007-08-02 21:31	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-08-02 19:28	125,504	--a------	C:\WINDOWS\SYSTEM32\omdfoawc.dll
2007-08-02 19:21 d--------	C:\Program Files\Picasa2
2007-08-02 18:33	125,504	--a------	C:\WINDOWS\SYSTEM32\bxlhonmx.dll
2007-08-02 08:09	125,504	--a------	C:\WINDOWS\SYSTEM32\ueemylyf.dll
2007-08-02 08:01	70,252	--a------	C:\Program Files\setup.exe
2007-07-27 01:30	70,312	--a------	C:\Program Files\codec_setup.exe
2007-07-27 01:28 d--------	C:\WINDOWS\SYSTEM32\betpdcow
2007-07-27 01:28 d--------	C:\Program Files\Zzmuwqfa
2007-07-27 01:28 d--------	C:\Program Files\Zbdrbswu
2007-07-27 01:28 d--------	C:\Program Files\SecCenter
2007-07-27 01:27	18,432	--a------	C:\WINDOWS\SYSTEM32\wnupdate.exe
2007-07-27 01:27	18,432	--a------	C:\WINDOWS\SYSTEM32\prx.exe
2007-07-27 01:27 d--------	C:\Program Files\shavepwf
2007-07-27 01:20	6,689	--a------	C:\WINDOWS\SYSTEM32\ldcore.dll
2007-07-25 22:58 d--hs----	C:\WINDOWS\TWU
2007-07-25 22:58 d--------	C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-07-24 23:02 d--------	C:\Program Files\Trend Micro
2007-07-23 18:22 d--------	C:\Temp

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 21:01	---------	d--------	C:\Program Files\Trojan Remover
2007-08-02 21:01	---------	d--------	C:\Program Files\Enigma Software Group
2007-07-25 23:41	---------	d--------	C:\DOCUME~1\Me\APPLIC~1\Juniper Networks
2007-06-25 08:54	53248	--a------	C:\WINDOWS\uni_eh44.exe
2007-06-25 08:53	53248	--a------	C:\WINDOWS\uninst1014.exe
2007-06-20 23:12	---------	d--------	C:\Program Files\Google
2007-06-14 04:22	2231	--a------	C:\Program Files\folder.js
2007-05-16 10:12	86528	---------	C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12	85504	---------	C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12	683520	--a------	C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12	683520	---------	C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12	510976	---------	C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12	1314816	---------	C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24	3583488	--a------	C:\WINDOWS\system32\dllcache\mshtml.dll
2006-03-24 01:54	1388	--a------	C:\DOCUME~1\Me\APPLIC~1\ViewerApp.dat
2005-07-29 21:24:26	472	--sha-r	C:\WINDOWS\TWU\nqo.vbs

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17481881-D413-F796-1A67-888DCB2DD2CA}]
C:\WINDOWS\system32\dmks.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18191ED7-831A-F694-1A13-FE8DCA50D0C2}]
C:\WINDOWS\system32\sdshnyh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F2C9C90-529E-8145-2E89-06A7789C150D}]
2007-07-27 01:28	102400	--a------	C:\Program Files\Zzmuwqfa\iuhiqyaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF3F721-FA5B-4750-8779-A076FF792D73}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 22:10]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-16 20:18]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-12 07:25]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-03-12 07:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 13:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-14 04:43]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2006-10-09 17:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-19 22:08]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"svhost"="C:\WINDOWS\svhost.exe" []
"{97-71-1F-FF-ZN}"="C:\windows\system32\psdsregk.exe" []
"g4356cbvy63"="C:\WINDOWS\g4356cbvy63" []
"csrss"="C:\WINDOWS\csrss.exe" []
"xmnedwxy"="C:\Program Files\shavepwf\stczuxcv.dll" [2007-07-27 01:27]
"ghtdfuse"="C:\Program Files\Zbdrbswu\ghtdfuse.exe" [2007-07-27 01:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Sen"="C:\WINDOWS\CROSOF~1.NET\wuauclt.exe" []
"Eooddf"="C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe" []

C:\Documents and Settings\Me\Start Menu\Programs\Startup\
BitTorrent.lnk - C:\Program Files\BitTorrent\bittorrent.exe [2006-02-03 02:42:04]
DESKTOP.INI [2004-08-10 13:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-10-19 22:07:44]
DESKTOP.INI [2004-08-10 13:04:12] 
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-19 22:06:49]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-06 14:55:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 07:05:56]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2006-04-29 18:33:42]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2004-11-03 00:34:07]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2004-11-03 00:34:04]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 afpa;afpa;\??\C:\WINDOWS\system32\drivers\afpa.sys
R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 IBMWAS6Service - MILAN;IBM WebSphere Application Server V6 - MILAN;"C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe" "IBMWAS6Service - MILAN"
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w22n51.sys
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys

Contents of the 'Scheduled Tasks' folder
2007-07-21 01:00:18 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Me.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-08-03 03:03:23 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 22:00:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 22:04:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 22:04

--- E O F ---


----------



## mac-mac (Aug 3, 2007)

ComboFix-quarantined-files.log--------------


```
1989-12-12 10:10      20480    --a------    C:\Qoobox\Quarantine\C\WINDOWS\offun.exe.vir
2003-01-30 12:52      12073    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir
2005-08-02 16:46      187904    --a------    C:\Qoobox\Quarantine\C\WINDOWS\TWU\asappsrv.dll.vir
2005-10-10 18:29      510    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Unist1.htm.vir
2005-12-27 03:54      1853447    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Me\APPLIC~1\Install.dat.vir
2006-01-03 17:45      1989    --a------    C:\Qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir
2006-01-04 18:09      94208    --a------    C:\Qoobox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir
2006-09-01 04:32      84697    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b104.exe.vir
2006-09-15 16:22      480    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Uninst2.htm.vir
2006-11-09 01:11      29184    --a------    C:\Qoobox\Quarantine\C\winstall.exe.vir
2006-12-07 20:23      147456    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
2007-01-12 15:00      18031    --a------    C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-04-24 11:21      9248    --a------    C:\Qoobox\Quarantine\C\Temp\0c2\tmpFF.log.vir
2007-05-01 10:35      146432    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir
2007-06-06 10:35      618496    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
2007-06-18 13:59      163840    --a------    C:\Qoobox\Quarantine\C\Program Files\TTC.dll.vir
2007-06-19 01:00      115606    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\L1\mwspasrt83122.exe.vir
2007-06-20 09:50      229888    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\SSEMBL~1\userinit.exe.vir
2007-06-29 10:42      146944    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir
2007-07-10 19:01      232448    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\L11\z553.exe.vir
2007-07-11 00:00      32768    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\b10FdUe\b10FdUe1099.exe.vir
2007-07-11 19:54      86056    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\L5\tns2.exe.vir
2007-07-16 22:21      9814    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\L3\wr716.exe.vir
2007-07-17 07:27      56320    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
2007-07-23 18:18      36352    --a------    C:\Qoobox\Quarantine\C\WINDOWS\poolsv.exe.vir
2007-07-23 18:21      38400    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\svhost.exe.vir
2007-07-23 18:21      88272    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe.vir
2007-07-23 18:22      0    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-07-23 18:22      10316    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\wr-1-0000077.exe.vir
2007-07-23 18:22      109560    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir
2007-07-23 18:22      164787    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk.vir
2007-07-23 18:22      186621    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir
2007-07-23 18:22      20    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
2007-07-23 18:22      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljjjhgf.dll.vir
2007-07-23 18:22      49152    --a------    C:\Qoobox\Quarantine\C\WINDOWS\TISKY009.exe.vir
2007-07-23 18:22      5    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
2007-07-23 18:22      72832    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\core.sys.vir
2007-07-23 18:22      79872    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FOPN.sys.vir
2007-07-23 18:23      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\urqqrpp.dll.vir
2007-07-23 18:23      34816    --a------    C:\Qoobox\Quarantine\C\WINDOWS\rau001978.exe.vir
2007-07-23 18:23      40183    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinUninstaller.exe.vir
2007-07-23 18:30      7531    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Me\APPLIC~1\WinAntiSpyware 2007\Logs\update.log.vir
2007-07-23 22:37      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Me\err.log.vir
2007-07-24 17:42      21    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zxdnt3d.cfg.vir
2007-07-24 17:43      932    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winpfz32.sys.vir
2007-07-24 18:15      39424    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir
2007-07-24 18:37      228960    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljhfc.dll.vir
2007-07-25 17:56      9804    --a------    C:\Qoobox\Quarantine\C\Program Files\svhost\wr-1-0000077.exe.vir
2007-07-25 17:57      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wapisvsu.exe.vir
2007-07-25 22:58      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atmtd.dll._.vir
2007-07-25 22:58      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atmtd.dll.vir
2007-07-27 01:20      6689    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ldcore.dll.vir
2007-07-27 01:20      930    --a------    C:\Qoobox\Quarantine\C\Temp\brr\tmpZTF.log.vir
2007-07-27 01:21      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat.vir
2007-07-27 01:21      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat.vir
2007-07-27 01:21      16    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\.rdr.ini.vir
2007-07-27 01:21      16    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\.rdr.ini.vir
2007-07-27 01:21      19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winfcm32.dll.vir
2007-07-27 01:21      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pmnmjig.dll.vir
2007-07-27 01:21      476    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ldinfo.ldr.vir
2007-07-27 01:21      6110    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dllh8jkd1q1.exe.vir
2007-07-27 01:25      100    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msnav32.ax.vir
2007-07-27 01:25      16    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Me\APPLIC~1\.rdr.ini.vir
2007-07-27 01:25      530    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-07-27 01:26      12288    --a------    C:\Qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir
2007-07-29 19:55      4672    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bapwpidj.exe.vir
2007-07-29 19:58      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yhcqvaob.exe.vir
2007-07-29 20:01      4672    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\deebuwio.exe.vir
2007-07-29 20:07      69184    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tlldfyve.dll.vir
2007-07-29 20:18      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tlneofkh.exe.vir
2007-07-30 19:27      7219    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cfhjl.tmp.vir
2007-07-31 07:51      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vycsxkbe.exe.vir
2007-07-31 08:00      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bibcdeug.exe.vir
2007-07-31 18:17      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cbkuthpm.exe.vir
2007-07-31 22:30      30720    --a------    C:\Qoobox\Quarantine\C\WINDOWS\csrss.exe.vir
2007-08-01 18:55      10240    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hlpsrv.exe.vir
2007-08-01 19:29      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ajesfhsd.exe.vir
2007-08-01 23:22      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pjqynniu.exe.vir
2007-08-02 07:57      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ukifcjai.exe.vir
2007-08-02 08:01      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gnojtyjw.exe.vir
2007-08-02 18:00      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eqjshncl.exe.vir
2007-08-02 18:10      4672    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\aumijrgt.exe.vir
2007-08-02 18:18      66112    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mdclinfe.exe.vir
2007-08-02 21:24      390    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cfhjl.ini2.vir
2007-08-02 21:50      1122    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf
2007-08-02 21:50      1334    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-08-02 21:50      814    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NET_AGENT.reg.cf
2007-08-02 21:50      832    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.cf
2007-08-02 21:50      990    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_FOPN.reg.cf
2007-08-02 21:51      21086    --a------    C:\Qoobox\Quarantine\Registry_backups\services_fopn.reg.cf
2007-08-02 21:51      2242    --a------    C:\Qoobox\Quarantine\Registry_backups\services_ApiMon.reg.cf
2007-08-02 21:51      2430    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Net Agent.reg.cf
2007-08-02 21:51      2462    --a------    C:\Qoobox\Quarantine\Registry_backups\services_cmdService.reg.cf
2007-08-02 21:51      2822    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Network Monitor.reg.cf
2007-08-02 21:51      762    --a------    C:\Qoobox\Quarantine\Registry_backups\hklm_windowsNT_windows.reg.cf
2007-08-02 21:51      994    --a------    C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf
2007-08-02 21:55      467    --a------    C:\Qoobox\Quarantine\catchme.log
2007-08-02 21:55      94602    --a------    C:\Qoobox\Quarantine\catchme2007-08-02_220035.44.zip


Folder PATH listing
Volume serial number is 00080188 90F9:71FF
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-08-02_220035.44.zip
    |   
    +---C
    |   |   winstall.exe.vir
    |   |   
    |   +---DOCUME~1
    |   |   +---ALLUSE~1
    |   |   |   \---APPLIC~1
    |   |   |       \---WinAntiSpyware 2007
    |   |   |           \---Data
    |   |   |                   Abbr.vir
    |   |   |                   ProductCode.vir
    |   |   |                   
    |   |   +---LOCALS~1
    |   |   |   \---APPLIC~1
    |   |   |           Install.dat.vir
    |   |   |           
    |   |   +---Me
    |   |   |   |   err.log.vir
    |   |   |   |   
    |   |   |   \---APPLIC~1
    |   |   |       |   .rdr.ini.vir
    |   |   |       |   Install.dat.vir
    |   |   |       |   
    |   |   |       \---WinAntiSpyware 2007
    |   |   |           \---Logs
    |   |   |                   update.log.vir
    |   |   |                   
    |   |   \---NETWOR~1
    |   |       \---APPLIC~1
    |   |               .rdr.ini.vir
    |   |               Install.dat.vir
    |   |               
    |   +---Program Files
    |   |   |   TTC.dll.vir
    |   |   |   
    |   |   +---Common Files
    |   |   |   |   Yazzle1162OinAdmin.exe.vir
    |   |   |   |   Yazzle1549OinAdmin.exe.vir
    |   |   |   |   Yazzle1549OinUninstaller.exe.vir
    |   |   |   |   
    |   |   |   \---WinAntiSpyware 2007
    |   |   |           err.log.vir
    |   |   |           uwas7cw.exe.vir
    |   |   |           WAS7Mon.exe.vir
    |   |   |           
    |   |   +---Network Monitor
    |   |   |       netmon.exe.vir
    |   |   |       
    |   |   +---Outerinfo
    |   |   |       Terms.rtf.vir
    |   |   |       
    |   |   +---poolsv
    |   |   |       k11u72.exe.vir
    |   |   |       svhost.exe.vir
    |   |   |       WinAntiSpyware2007FreeInstall.exe.vir
    |   |   |       wr-1-0000077.exe.vir
    |   |   |       YazzleBundle-1549.exe.vir
    |   |   |       
    |   |   \---svhost
    |   |           wr-1-0000077.exe.vir
    |   |           
    |   +---Temp
    |   |   +---0c2
    |   |   |       tmpFF.log.vir
    |   |   |       
    |   |   \---brr
    |   |           tmpZTF.log.vir
    |   |           
    |   \---WINDOWS
    |       |   b104.exe.vir
    |       |   b122.exe.vir
    |       |   csrss.exe.vir
    |       |   mgrs.exe.vir
    |       |   offun.exe.vir
    |       |   poolsv.exe.vir
    |       |   rau001978.exe.vir
    |       |   retadpu1000106.exe.vir
    |       |   TISKY009.exe.vir
    |       |   Uninst2.htm.vir
    |       |   uninstall_nmon.vbs.vir
    |       |   Unist1.htm.vir
    |       |   wr.txt.vir
    |       |   
    |       +---SYSTEM32
    |       |   |   ajesfhsd.exe.vir
    |       |   |   atmtd.dll.vir
    |       |   |   atmtd.dll._.vir
    |       |   |   aumijrgt.exe.vir
    |       |   |   bapwpidj.exe.vir
    |       |   |   bibcdeug.exe.vir
    |       |   |   cbkuthpm.exe.vir
    |       |   |   cfhjl.ini2.vir
    |       |   |   cfhjl.tmp.vir
    |       |   |   deebuwio.exe.vir
    |       |   |   dllh8jkd1q1.exe.vir
    |       |   |   eqjshncl.exe.vir
    |       |   |   gnojtyjw.exe.vir
    |       |   |   hlpsrv.exe.vir
    |       |   |   ldcore.dll.vir
    |       |   |   ldinfo.ldr.vir
    |       |   |   ljhfc.dll.vir
    |       |   |   ljjjhgf.dll.vir
    |       |   |   mdclinfe.exe.vir
    |       |   |   msnav32.ax.vir
    |       |   |   pjqynniu.exe.vir
    |       |   |   pmnmjig.dll.vir
    |       |   |   tlldfyve.dll.vir
    |       |   |   tlneofkh.exe.vir
    |       |   |   ukifcjai.exe.vir
    |       |   |   urqqrpp.dll.vir
    |       |   |   vycsxkbe.exe.vir
    |       |   |   wapisvsu.exe.vir
    |       |   |   winfcm32.dll.vir
    |       |   |   winpfz32.sys.vir
    |       |   |   yhcqvaob.exe.vir
    |       |   |   zxdnt3d.cfg.vir
    |       |   |   
    |       |   +---b10FdUe
    |       |   |       b10FdUe1099.exe.vir
    |       |   |       
    |       |   +---CONFIG
    |       |   |   \---systemprofile
    |       |   |       \---Application Data
    |       |   |               .rdr.ini.vir
    |       |   |               
    |       |   +---DRIVERS
    |       |   |       core.cache.dsk.vir
    |       |   |       core.sys.vir
    |       |   |       FAD.sys.vir
    |       |   |       FOPN.sys.vir
    |       |   |       
    |       |   +---L1
    |       |   |       mwspasrt83122.exe.vir
    |       |   |       
    |       |   +---L11
    |       |   |       z553.exe.vir
    |       |   |       
    |       |   +---L3
    |       |   |       wr716.exe.vir
    |       |   |       
    |       |   +---L5
    |       |   |       tns2.exe.vir
    |       |   |       
    |       |   \---SSEMBL~1
    |       |           userinit.exe.vir
    |       |           
    |       \---TWU
    |               asappsrv.dll.vir
    |               
    \---Registry_backups
            hklm_windowsNT_windows.reg.cf
            LEGACY_CMDSERVICE.reg.cf
            LEGACY_CORE.reg.cf
            LEGACY_FOPN.reg.cf
            LEGACY_NETWORK_MONITOR.reg.cf
            LEGACY_NET_AGENT.reg.cf
            services_ApiMon.reg.cf
            services_cmdService.reg.cf
            services_core.reg.cf
            services_fopn.reg.cf
            services_Net Agent.reg.cf
            services_Network Monitor.reg.cf
```


----------



## mac-mac (Aug 3, 2007)

HijackThis.log------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:24 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zbdrbswu\ghtdfuse.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17481881-D413-F796-1A67-888DCB2DD2CA} - C:\WINDOWS\system32\dmks.dll (file missing)
O2 - BHO: (no name) - {18191ED7-831A-F694-1A13-FE8DCA50D0C2} - C:\WINDOWS\system32\sdshnyh.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {6F2C9C90-529E-8145-2E89-06A7789C150D} - C:\Program Files\Zzmuwqfa\iuhiqyaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8EF3F721-FA5B-4750-8779-A076FF792D73} - \
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [{97-71-1F-FF-ZN}] C:\windows\system32\psdsregk.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init
O4 - HKLM\..\Run: [ghtdfuse] C:\Program Files\Zbdrbswu\ghtdfuse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\CROSOF~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Eooddf] C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://stlo-wsmtqc/sabin/Spider90.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V6 - MILAN (IBMWAS6Service - MILAN) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://media1.santabanta.com/full1/global celebrities(f)/kate hudson/kat1v.jpg
O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html

--
End of file - 14703 bytes


----------
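A triage pass over the O23 and O24 entries of the HijackThis log above, as an added example; it is not part of the original post and not HijackThis's own code. It splits each O23 line from the right, so a display name that itself contains " - " (the IBM WebSphere entry) stays intact, and flags what a helper reading such a log looks at first: a service with no recorded publisher, a service whose binary is gone (an orphaned registration, like the CLTNetCnService line), an executable sitting directly under C:\WINDOWS, and an Active Desktop component that points at a local file such as warnhp.html. The reason codes, the windows-root heuristic and the function names are this example's own; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Reason codes (this example's own names).
UNKNOWN_OWNER = "unknown-owner"            # HijackThis found no publisher for the binary
FILE_MISSING = "file-missing"              # service still registered, binary gone
WINDOWS_ROOT = "windows-root"              # executable directly under C:\WINDOWS (heuristic)
LOCAL_DESKTOP = "local-desktop-component"  # Active Desktop item backed by a local file

# Lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IBM WebSphere Application Server V6 - MILAN (IBMWAS6Service - MILAN) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://media1.santabanta.com/full1/global celebrities(f)/kate hudson/kat1v.jpg
O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html
""".strip()


@dataclass
class Finding:
    line_no: int
    kind: str      # "O23" (service) or "O24" (Active Desktop component)
    name: str
    target: str    # binary path or desktop component source
    reasons: list


def parse_o23(rest):
    """Split 'name - company - path' from the RIGHT: company and path never
    contain ' - ' in these logs, but a display name can (IBM WebSphere entry)."""
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, company, path = (p.strip() for p in parts)
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return name, company, path, missing


def in_windows_root(path):
    # Heuristic only: Explorer.EXE legitimately lives here too, so this is a
    # prompt to look at the file, not a verdict.
    low = path.lower()
    prefix = "c:\\windows\\"
    return low.startswith(prefix) and "\\" not in low[len(prefix):]


def triage(log_text):
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("O23 - Service: "):
            parsed = parse_o23(line[len("O23 - Service: "):])
            if parsed is None:
                continue
            name, company, path, missing = parsed
            reasons = []
            if company == "Unknown owner":
                reasons.append(UNKNOWN_OWNER)
            if missing:
                reasons.append(FILE_MISSING)
            if in_windows_root(path):
                reasons.append(WINDOWS_ROOT)
            if reasons:
                findings.append(Finding(n, "O23", name, path, reasons))
        elif line.startswith("O24 - Desktop Component "):
            # "O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html"
            _, _, rest = line.partition(": ")
            name, sep, target = rest.rpartition(" - ")
            # A remote image is an ordinary wallpaper; a local HTML file as a
            # desktop component is the classic fake-warning desktop hijack.
            if sep and not re.match(r"[a-z][a-z0-9+.-]*://", target, re.IGNORECASE):
                findings.append(Finding(n, "O24", name, target, [LOCAL_DESKTOP]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} {f.kind} {f.name!r} -> {f.target}  [{', '.join(f.reasons)}]")
```

Fed the full log, it reduces a few hundred lines to a handful of entries to verify by hand. "Unknown owner" on its own is weak evidence (the Dell and IBM services above carry it and sit in their vendors' own directories); it is the combination with a missing binary, an odd location, or a name that mimics a system component that matters.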



## mac-mac (Aug 3, 2007)

After this, I ran SUPERAntiSpyware. Here are the log files from the scan and a final HijackThis log file:

SUPERAntiSpyware.log-----------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2007 at 03:19 AM

Application Version : 3.9.1008

Core Rules Database Version : 3278
Trace Rules Database Version: 1289

Scan type : Complete Scan
Total Scan Time : 04:07:29

Memory items scanned : 591
Memory threats detected : 0
Registry items scanned : 7089
Registry threats detected : 52
File items scanned : 244290
File threats detected : 416

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\washellext.ShellHook.1
HKCR\washellext.ShellHook.1\CLSID
HKCR\washellext.ShellHook
HKCR\washellext.ShellHook\CLSID
HKCR\washellext.ShellHook\CurVer
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][4].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][7].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][4].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][6].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][4].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][9].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][4].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][5].txt
C:\Documents and Settings\Me\Cookies\[email protected][6].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][8].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][6].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][5].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][6].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][7].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][9].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][5].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][10].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][2].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Me\Cookies\[email protected][3].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0\win32
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\FLAGS
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\HELPDIR
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid32
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib#Version

Trojan.Windows Overlay Components/SysMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

Trojan.PestTrap
HKU\S-1-5-21-3047823902-2604044545-1231043415-1006\Software\SNO2

Trojan.Anti-Virus Pro
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000\LogConf

Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\Me\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Me\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Me\Start Menu\Programs\Outerinfo

Trojan.TagASaurus
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\DESKTOP\SEARCHUS.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\DESKTOP\SEARCHUS.EXE

Trojan.Downloader-Gen/Micky
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\7.DLLB
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\7.DLLB

Trojan.Downloader-StdRun/Gen
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN2.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN2.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN3.EXE

Trojan.Downloader-StdRun/Variant
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN3.EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN5.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN5.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN6.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN7.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN8.EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN9.EXE

Trojan.Downloader-LDCore
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ODAJCD6Z\USER4[1].EXE
C:\WINDOWS\SYSTEM32\LDCORE.DLL

Adware.Search2Find
C:\DOCUMENTS AND SETTINGS\ME\DESKTOP\FIND SPYWARE REMOVER.LNK
C:\DOCUMENTS AND SETTINGS\ME\DESKTOP\FREE ONLINE DATING.LNK
C:\DOCUMENTS AND SETTINGS\ME\DESKTOP\GO TO CASINO.LNK
C:\RECYCLER\S-1-5-21-3047823902-2604044545-1231043415-1006\DC17.LNK
C:\RECYCLER\S-1-5-21-3047823902-2604044545-1231043415-1006\DC18.LNK
C:\RECYCLER\S-1-5-21-3047823902-2604044545-1231043415-1006\DC19.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048270.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048272.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048274.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048316.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048317.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0048319.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049393.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049395.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049397.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049449.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049451.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049453.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049476.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049478.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049480.LNK

Trojan.Downloader-NoName
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\16MON.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\16SV.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\HOSTLOOK.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\POWERPOWER.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\SERVERSYS.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\SV32.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\SVSERVER.EXE
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\SYSAGENT.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HLPSRV.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049389.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050804.EXE

Trojan.Downloader-CommandDesktop
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\CMDINST.EXE

Trojan.SpySheriff
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\OESLEAYO.EXE
C:\DOCUMENTS AND SETTINGS\ME\PRIPILIE.EXE
C:\QOOBOX\QUARANTINE\C\WINSTALL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050794.EXE


----------



## mac-mac (Aug 3, 2007)

Trojan.Downloader-PoolSV
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMP\POOLSV.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\POOLSV.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050799.EXE

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\USD3H9Q6\INSTALLER[1].EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPISVSU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050749.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050751.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050752.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXYNCPW3\XC60[1].EXE
C:\WINDOWS\TWU\NQO.VBS

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050777.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\WINANTISPYWARE2007FREEINSTALL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050780.EXE

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TTC.DLL.VIR

Trojan.Downloader-VisFX
C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050796.EXE

Adware.Vundo/Traff-2
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AUMIJRGT.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DEEBUWIO.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0049301.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0049324.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049371.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049410.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049411.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049431.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049460.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0049523.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050770.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050772.EXE

Trojan.Downloader-Gen/TStamp
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BAPWPIDJ.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050771.EXE

Adware.SysMon
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\L11\Z553.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050789.EXE

Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SSEMBL~1\USERINIT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050784.EXE

Adware.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ZXDNT3D.CFG.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050801.CFG

Adware.ZenoSearch
C:\QOOBOX\QUARANTINE\C\WINDOWS\TISKY009.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050803.EXE

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\TWU\ASAPPSRV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050774.DLL

Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050765.DLL

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050767.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050769.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050814.DLL

Trojan.Rootkit-TnCore/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0050787.EXE

Malware.Ultimate Defender
C:\WINDOWS\SYSTEM32\BETPDCOW\BETPDCOW1.EXE
C:\WINDOWS\SYSTEM32\BETPDCOW\BETPDCOW2.EXE
C:\WINDOWS\SYSTEM32\BETPDCOW\BETPDCOW3.EXE

Trojan.Downloader-Gen/AVP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTCDQRMN\XC23[1].EXE

Trojan.Downloader-Gen/Mandingo
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXYNCPW3\XC29[1].EXE

Adware.ClickSpring/Resident
C:\WINDOWS\SYSTEM32\DMKS.DLL.BAK
C:\WINDOWS\SYSTEM32\SDSHNYH.DLL.BAK

Trojan.IERedirector
C:\WINDOWS\SYSTEM32\DNSERSND.DLL.BAK


----------



## mac-mac (Aug 3, 2007)

Final Hijackthis Log---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:14 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zbdrbswu\ghtdfuse.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17481881-D413-F796-1A67-888DCB2DD2CA} - C:\WINDOWS\system32\dmks.dll (file missing)
O2 - BHO: (no name) - {18191ED7-831A-F694-1A13-FE8DCA50D0C2} - C:\WINDOWS\system32\sdshnyh.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {6F2C9C90-529E-8145-2E89-06A7789C150D} - C:\Program Files\Zzmuwqfa\iuhiqyaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8EF3F721-FA5B-4750-8779-A076FF792D73} - \
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [{97-71-1F-FF-ZN}] C:\windows\system32\psdsregk.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init
O4 - HKLM\..\Run: [ghtdfuse] C:\Program Files\Zbdrbswu\ghtdfuse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\CROSOF~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Eooddf] C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://stlo-wsmtqc/sabin/Spider90.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V6 - MILAN (IBMWAS6Service - MILAN) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://media1.santabanta.com/full1/global celebrities(f)/kate hudson/kat1v.jpg
O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html

--
End of file - 14936 bytes


----------



## MFDnNC (Sep 7, 2004)

Is your Norton AV up to date ??????????

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis: mark them, close IE, click Fix checked

O2 - BHO: (no name) - {17481881-D413-F796-1A67-888DCB2DD2CA} - C:\WINDOWS\system32\dmks.dll (file missing)

O2 - BHO: (no name) - {18191ED7-831A-F694-1A13-FE8DCA50D0C2} - C:\WINDOWS\system32\sdshnyh.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {6F2C9C90-529E-8145-2E89-06A7789C150D} - C:\Program Files\Zzmuwqfa\iuhiqyaa.dll

O2 - BHO: (no name) - {8EF3F721-FA5B-4750-8779-A076FF792D73} - \

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"

O4 - HKLM\..\Run: [{97-71-1F-FF-ZN}] C:\windows\system32\psdsregk.exe SKY009

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe

O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init

O4 - HKLM\..\Run: [ghtdfuse] C:\Program Files\Zbdrbswu\ghtdfuse.exe

O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\CROSOF~1.NET\wuauclt.exe" -vt yazb

O4 - HKCU\..\Run: [Eooddf] C:\WINDOWS\SYSTEM32\?ssembly\userinit.exe

O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab

O24 - Desktop Component 1: Warning homepage - C:\WINDOWS\warnhp.html

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Windows\xpupdate.exe
C:\Program Files\Zzmuwqfa\iuhiqyaa.dll
C:\WINDOWS\svhost.exe
C:\windows\system32\psdsregk.exe
C:\WINDOWS\g4356cbvy63
C:\WINDOWS\csrss.exe
C:\Program Files\shavepwf
C:\Program Files\Zbdrbswu

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START  RUN  type in %temp% - OK - Edit  Select all  File  Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

*Please give feedback on what worked/didn't work and the current status of your system*
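Added example, not from this thread and not part of HijackThis or Killbox: a small Python triage script that applies the cues the post above relies on when picking entries to fix (nameless or file-less BHOs, Run entries that borrow a system process name outside system32 or a one-letter lookalike of one, Run values under built-in service-account SIDs, and random-looking folder or key names) to a constructed sample of O2/O4 lines, generalising the hand inspection to a parser. The line patterns, heuristics and thresholds are my assumptions, not HijackThis's own logic, and the random-name test is advisory only.

```python
"""Triage HijackThis O2 (BHO) and O4 (Run) lines with the cues used in this thread."""
import re

SYSTEM_DIR = r"c:\windows\system32"
# Core Windows process names droppers borrow; the legitimate copies live in system32.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
                "services.exe", "winlogon.exe", "wuauclt.exe", "userinit.exe"}
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-1-5-\d+))\\\.\.\\Run: "
                   r"\[(?P<key>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: entries copied from the logs in this thread plus benign ones for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6F2C9C90-529E-8145-2E89-06A7789C150D} - C:\Program Files\Zzmuwqfa\iuhiqyaa.dll
O2 - BHO: (no name) - {8EF3F721-FA5B-4750-8779-A076FF792D73} - \
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [xmnedwxy] rundll32.exe "C:\Program Files\shavepwf\stczuxcv.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
"""

def edit_distance(a, b):
    """Levenshtein distance; catches one-letter lookalikes such as svhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_first_path(cmd):
    """First path of a Run command (quoted or bare) and the remainder of the command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()

def launched_module(cmd):
    """Executable a Run value starts, or for rundll32 the DLL it is told to load."""
    exe, rest = split_first_path(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        exe = split_first_path(rest)[0].split(",", 1)[0]  # drop the ",Init" entry point
    return exe

def looks_random(token):
    """Coarse test for generated names like 'Zzmuwqfa': 7+ letters, not CamelCase,
    at most one vowel in four letters, and a run of three consonants. Advisory only."""
    if len(token) < 7 or not token.isalpha() or any(c.isupper() for c in token[1:]):
        return False
    low = token.lower()
    ratio = sum(c in "aeiouy" for c in low) / len(low)
    longest = max((len(r) for r in re.findall(r"[^aeiouy]+", low)), default=0)
    return ratio <= 0.25 and longest >= 3

def random_name_reasons(*names):
    """One reason per random-looking Run key, folder name or file stem."""
    stems = [part.split(".", 1)[0] for n in names for part in re.split(r"[\\/]", n)]
    return [f"random-looking name '{s}'" for s in stems if looks_random(s)]

def check_bho(m):
    reasons, path = [], m["path"].strip()
    if m["name"] == "(no name)":
        reasons.append("BHO registered without a display name")
    if path in ("", "\\", "(no file)") or path.endswith("(file missing)"):
        reasons.append("BHO CLSID points at no file (orphaned entry)")
    return reasons + random_name_reasons(path)

def check_run(m):
    reasons = []
    if m["sid"] in SERVICE_SIDS:
        reasons.append(f"Run value under built-in service account {m['sid']}")
    module = launched_module(m["cmd"])
    folder, _, base = module.replace("/", "\\").lower().rpartition("\\")
    if base in SYSTEM_NAMES and folder != SYSTEM_DIR:
        reasons.append(f"{base} runs from outside {SYSTEM_DIR}")
    elif base not in SYSTEM_NAMES:
        reasons += [f"{base} resembles system process {real}"
                    for real in sorted(SYSTEM_NAMES) if edit_distance(base, real) == 1]
    return reasons + random_name_reasons(m["key"], module)

def analyze_line(line):
    """Reasons one HijackThis line deserves a look; [] for benign or unparsed lines."""
    for pattern, check in ((O2_RE, check_bho), (O4_RE, check_run)):
        m = pattern.match(line.rstrip())
        if m:
            return check(m)
    return []

def triage(log_text):
    """(line, reasons) for every line of a log that carries at least one reason."""
    pairs = ((line.rstrip(), analyze_line(line)) for line in log_text.splitlines())
    return [(line, reasons) for line, reasons in pairs if reasons]
```

Running `triage(SAMPLE_LOG)` flags six of the nine sample lines and leaves the Adobe BHO, ccApp and ctfmon.exe entries alone; a hit is a prompt to look, not a verdict.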


----------



## mac-mac (Aug 3, 2007)

Thanks again for your quick response! I did the procedure you explained above. Everything worked EXACTLY as you described. The things which were different were: (1) When I ran Killbox.exe to delete each of the files you mentioned, it said: "backup and delete" instead of just "delete". Does it keep a copy of those files as a backup? (2) When I did START - RUN - type in %temp% - OK - Edit - Select all - File - Delete, it said: "There are 3 hidden files, would you like to delete them too", where I clicked OK.

Other than these 2 things, it worked EXACTLY as the procedure you described.

Below is the hijackthis log file which I ran after doing all the procedure and a reboot in normal mode.

-----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:25 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://stlo-wsmtqc/sabin/Spider90.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V6 - MILAN (IBMWAS6Service - MILAN) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://media1.santabanta.com/full1/global celebrities(f)/kate hudson/kat1v.jpg

--
End of file - 13373 bytes


----------



## mac-mac (Aug 3, 2007)

Forgot to mention: 

YES, my Norton AV is OLD and NOT up to date.


----------



## MFDnNC (Sep 7, 2004)

Remove Norton in Add/Remove Programs

Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
=============

Clean

If you feel it is fixed, mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on. Here's how:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.


----------



## mac-mac (Aug 3, 2007)

Thank you very much MFDnNC!! My problem is resolved. I really appreciate your help!!


----------

