I believe I have spyware/viruses
Thanks for your time and knowledge in advance...
Logfile of HijackThis v1.99.1
Scan saved at 3:41:41 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSLLkSrv.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\wamp\wampmanager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {0E11A90B-5313-4B4F-8F8D-A2FB46046B53} - (no file)
O2 - BHO: (no name) - {3567B902-8A83-4701-B84D-558A56F8CF2B} - (no file)
O2 - BHO: (no name) - {54004247-799D-57E8-C3A4-00EE10A43342} - (no file)
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{226E437B-52B7-4C9F-9D3D-46CB6D55EA81}: NameServer = 68.87.71.226,68.87.73.242
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomljgf - qomljgf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - C:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:21:19 AM 2/23/2007
+ Scan result:
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015161.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015162.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015068.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030295.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030296.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017297.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015170.exe -> Backdoor.Landis.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015164.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015166.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015165.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015169.tlb -> Downloader.Zlob.wd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015158.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030294.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0021252.dll -> Logger.Perfloger.i : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020750.exe -> Not-A-Virus.HackTool.Win32.Scanner.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015100.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015199.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017299.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019306.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015197.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\Wordlist.rar/mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020765.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\Update.exe -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\system.dll -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
SUPERAntiSpyware Scan Log
Generated 02/23/2007 at 03:31 PM
Application Version : 3.5.1016
Core Rules Database Version : 3188
Trace Rules Database Version: 1198
Scan type : Complete Scan
Total Scan Time : 02:52:38
Memory items scanned : 390
Memory threats detected : 2
Registry items scanned : 4701
Registry threats detected : 6
File items scanned : 152819
File threats detected : 23
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWVVW.DLL
C:\WINDOWS\SYSTEM32\AWVVW.DLL
HKLM\Software\Classes\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3567B902-8A83-4701-B84D-558A56F8CF2B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awvvw
Trojan.Downloader-Quake11
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0016199.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0019744.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020755.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020763.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020766.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020767.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Owner.CLICKCHIP\Cookies\owner@revsci[2].txt
Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE
Trojan.Downloader-SpyTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015168.DLL
C:\WINDOWS\SYSTEM32\HINPFODS.DLL
C:\WINDOWS\SYSTEM32\NSFRTNHI.DLL
C:\WINDOWS\SYSTEM32\OMKKGOWX.DLL
Trojan.Downloader-Gen/LIB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0016294.DLL
Trojan.Downloader-DoneDU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019307.DLL
ReFOG KGB Keylogger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020931.EXE
Worm.Alcra Variant
C:\WINDOWS\SYSTEM32\NETSTAT.COM
C:\WINDOWS\SYSTEM32\TASKKILL.COM
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO
Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA
Trojan.Homepage
D:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015172.DLL
Here is one of the popups I just got: http://www.winantiviruspro.com/pages/newco...id=virus+com%3E
Edited by Syke, 23 February 2007 - 02:57 PM.