01comm32.exe, func.js errors



#1 Deb JK608 (New Member, 5 posts)
Hi!
When I boot up my PC it gives me 2 error messages, both about not finding the 01comm32.exe file. Boot-up is slow, but I originally thought this was because the C drive is full. This has been happening for over a week.
More recently, I started having trouble when I open the windows for Internet Explorer; I get 2 messages (again):
1) Loading script "c:/Program Files/func.js"
2) Line 76 Char 1 The system can not find file specified.

My antivirus also pops up with infected and deleted files.
I might add that I had a "Dealio toolbar" loaded onto my computer (without my knowingly downloading it) and I uninstalled it. I don't know if that has anything to do with any of this.

I have also been getting numerous pop-ups and pop-unders.

I downloaded and ran ATF Cleaner and then ran HijackThis. I am lost now and don't know what to do.
Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:12:17 PM, on 4/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\retadpu2000219.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\QUICKENW\QWDLLS.EXE
E:\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\E3ATUMW9\hijackthis[1] 2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0FBA1A47-CA02-4EEF-4A86-E82B295083BF} - C:\Program Files\WindowsUpdate\lacu.dll
O2 - BHO: (no name) - {35ABA5C8-9807-46A8-AD57-0F66ECAF4455} - \
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP40\bin\BandObject.dll (file missing)
O2 - BHO: (no name) - {46A9A505-DE6F-4C11-98CB-F9CD294C8F8F} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8E01C5C0-B2AB-443A-8FC0-23F1BFFC5968} - \
O2 - BHO: (no name) - {C9475987-7FA0-4FDE-9115-8E754199206F} - \
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll
O2 - BHO: (no name) - {D0DBD288-F7A9-47AB-BA48-B9AFC77F5FF5} - \
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP40\hta\station.sbrt
O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe
O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe
O4 - HKCU\..\Run: [updateMgr] "E:\programs\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programs\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehous...ureball/abx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aava...olbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehous.../DinerDash2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149634915184
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave...gwebinstall.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106...lay/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.co...itched/main.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst...h/dinerdash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehous...opcaploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: iifcdec - C:\WINNT\SYSTEM32\iifcdec.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

I appreciate your help!
Deb
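As an added triage example (not part of this thread and not HijackThis's own code): a small Python script that parses the kinds of HijackThis lines posted above and flags the entries a malware helper would look at first. The rules (localhost proxy, win.ini load= autostart, unnamed or fileless BHOs, random-looking Run names, bare filenames resolved via PATH, and one DLL registered both as a BHO and as a Winlogon Notify handler) are my own heuristics, and the sample lines are copied from the log in the post.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35ABA5C8-9807-46A8-AD57-0F66ECAF4455} - \
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe
O4 - HKLM\..\Run: [runner1] C:\WINNT\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe
O20 - Winlogon Notify: iifcdec - C:\WINNT\SYSTEM32\iifcdec.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""

# "O4 - <body>": section id, then the rest of the line.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# ProxyServer pointed at the local machine (optionally "http=" prefixed).
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):\d+")


@dataclass
class Finding:
    rule: str      # short heuristic id
    section: str   # HijackThis section the entry came from
    detail: str    # the offending entry (or DLL name for cross-references)


def parse_entries(log):
    """Return (section, body) pairs for every recognisable R/F/O line."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def looks_random(token):
    """Cheap 'machine-generated name' test: no vowels at all, or 2+ digits."""
    letters = [c for c in token if c.isalpha()]
    digits = sum(c.isdigit() for c in token)
    no_vowel = bool(letters) and not any(c.lower() in "aeiouy" for c in letters)
    return no_vowel or digits >= 2


def first_path(cmd):
    """Extract the executable from a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log):
    """Apply the review heuristics and return the list of findings."""
    findings = []
    bho_dlls, notify_dlls = set(), set()
    for sec, body in parse_entries(log):
        if sec.startswith("R") and LOCAL_PROXY_RE.search(body):
            # Browser traffic is being relayed through a local process.
            findings.append(Finding("local-proxy", sec, body))
        elif sec in ("F1", "F3") and "load=" in body:
            # Legacy win.ini autostart; almost never used by current software.
            findings.append(Finding("winini-load", sec, body))
        elif sec == "O2":
            parts = body.split(" - ")          # "BHO: name", "{CLSID}", path
            name, path = parts[0], parts[-1].strip()
            if name.endswith("(no name)") or path in ("\\", "", "(no file)"):
                findings.append(Finding("bho-unnamed-or-missing", sec, body))
            if path.lower().endswith(".dll"):
                bho_dlls.add(basename(path).lower())
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:                          # e.g. Global Startup entries
                continue
            exe = first_path(m.group("cmd"))
            stem = basename(exe).rsplit(".", 1)[0]
            if "\\" not in exe:                # bare filename, found via PATH
                findings.append(Finding("run-unqualified-path", sec, body))
            if looks_random(m.group("name")) or looks_random(stem):
                findings.append(Finding("run-random-name", sec, body))
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            notify_dlls.add(basename(body.split(" - ")[-1]).lower())
            findings.append(Finding("winlogon-notify", sec, body))
    # The same DLL loading into both the browser and winlogon is a strong signal.
    for dll in sorted(bho_dlls & notify_dlls):
        findings.append(Finding("bho-and-winlogon-same-dll", "O2+O20", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.section}: {f.detail}")
```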

#2 Buckeye_Sam (Malware Expert, 10,019 posts)
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#3 Deb JK608 (Topic Starter, New Member, 5 posts)
Hi Sam
Thanks for answering so quickly.

I downloaded and ran ComboFix. It all looks like a foreign language to me, but here is the results log:

"Amanda" - Mon 04/30/2007 18:30:49 Service Pack 4
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Amanda\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\updater.exe
C:\Program Files\cowabanga\License.txt
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\WINNT\system32\tsuninst.exe
C:\Program Files\cowabanga
C:\Program Files\inetget2
C:\Program Files\ipwindows


((((((((((((((((((((((((((((((( Files Created from 2003-01-07 to 20/30/2007 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2012/18/02 05:15p 22400 --a------ C:\WINNT\system32\drivers\strmdisp.sys
2012/18/02 05:10p 153984 --a------ C:\WINNT\system32\drivers\HSFHWCD2.sys
2012/18/02 05:09p 585856 --a------ C:\WINNT\system32\drivers\HSF_CNXT.sys
2012/18/02 05:08p 1067008 --a------ C:\WINNT\system32\drivers\HSF_DP.sys
2012/11/02 11:14p 7424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2012/11/02 11:14p 5504 --a------ C:\WINNT\system32\drivers\mstee.sys
2012/11/02 11:14p 5248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2012/11/02 11:14p 4096 --a------ C:\WINNT\system32\drivers\swenum.sys
2012/11/02 11:14p 130304 --a------ C:\WINNT\system32\drivers\ks.sys
2012/10/02 04:53p 24929 --a--c--- C:\WINNT\system32\drivers\CamUsP20.sys
2012/10/02 04:53p 236121 --a------ C:\WINNT\system32\drivers\CamDrL20.sys
2012/03/00 09:35a 22640 --a------ C:\WINNT\system32\drivers\wandrv.sys
2012/02/04 10:37p 170512 --a------ C:\WINNT\system32\drivers\rdbss.sys
2012/02/04 05:00a 116400 --a------ C:\WINNT\system32\drivers\ftdisk.sys
2011/10/04 04:30p 24832 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2011/10/04 04:27p 44288 --a------ C:\WINNT\system32\drivers\cdr4_2k.sys
2011/06/99 05:11a 44528 --a------ C:\WINNT\system32\drivers\es1371mp.sys
2010/29/99 08:11a 41008 --a------ C:\WINNT\system32\drivers\s3mt3d.sys
2010/28/99 10:24a 51152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2010/23/99 11:22a 61712 --a------ C:\WINNT\system32\drivers\el90xbc5.sys
2010/12/99 02:57p 68912 --a------ C:\WINNT\system32\drivers\USBAUDIO.sys
2010/02/06 10:40a 629264 --a------ C:\WINNT\system32\drivers\VetEFile.sys
2010/02/06 10:40a 108592 --a------ C:\WINNT\system32\drivers\VetEBoot.sys
2009/29/05 08:37p 21031 --a------ C:\WINNT\system32\drivers\Vet-Filt.sys
2009/29/05 08:37p 15735 --a------ C:\WINNT\system32\drivers\VetFDDNT.sys
2009/29/05 08:37p 15478 --a------ C:\WINNT\system32\drivers\Vet-Rec.sys
2009/27/99 06:09p 23888 --a------ C:\WINNT\system32\drivers\usbcamd.sys
2009/25/99 05:35a 2896 --a------ C:\WINNT\system32\drivers\audstub.sys
2009/20/03 07:32p 71888 --a------ C:\WINNT\system32\drivers\ksecdd.sys
2009/14/98 07:41a 285216 --a--c--- C:\WINNT\system32\drivers\Onsio.sys
2008/01/98 11:00a 60928 --a--c--- C:\WINNT\system32\drivers\Smplscsi.sys
2007/31/06 10:40p 26787 --a------ C:\WINNT\system32\drivers\vetmonnt.sys
2007/24/02 07:00a 9680 --a------ C:\WINNT\system32\drivers\netdtect.sys
2007/24/02 07:00a 88816 --a--c--- C:\WINNT\system32\drivers\lvcam.sys
2007/24/02 07:00a 8016 --a------ C:\WINNT\system32\drivers\rasacd.sys
2007/24/02 07:00a 79120 --a--c--- C:\WINNT\system32\drivers\lvcodek.sys
2007/24/02 07:00a 6992 --a------ C:\WINNT\system32\drivers\sglfb.sys
2007/24/02 07:00a 6512 --a------ C:\WINNT\system32\drivers\parvdm.sys
2007/24/02 07:00a 6032 --a------ C:\WINNT\system32\drivers\rootmdm.sys
2007/24/02 07:00a 59280 --a--c--- C:\WINNT\system32\drivers\vdmindvd.sys
2007/24/02 07:00a 58480 --a--c--- C:\WINNT\system32\drivers\nwlnkspx.sys
2007/24/02 07:00a 57904 --a------ C:\WINNT\system32\drivers\atmarpc.sys
2007/24/02 07:00a 52048 --a--c--- C:\WINNT\system32\drivers\tosdvd.sys
2007/24/02 07:00a 4816 --a------ C:\WINNT\system32\drivers\mspqm.sys
2007/24/02 07:00a 4240 --a------ C:\WINNT\system32\drivers\wmilib.sys
2007/24/02 07:00a 4240 --a------ C:\WINNT\system32\drivers\mnmdd.sys
2007/24/02 07:00a 4080 --a------ C:\WINNT\system32\drivers\beep.sys
2007/24/02 07:00a 40432 --a------ C:\WINNT\system32\drivers\ndproxy.sys
2007/24/02 07:00a 37040 --a------ C:\WINNT\system32\drivers\npfs.sys
2007/24/02 07:00a 35344 --a------ C:\WINNT\system32\drivers\nwlnkfwd.sys
2007/24/02 07:00a 35024 --a--c--- C:\WINNT\system32\drivers\rawwan.sys
2007/24/02 07:00a 34416 --a------ C:\WINNT\system32\drivers\ipfltdrv.sys
2007/24/02 07:00a 33616 --a------ C:\WINNT\system32\drivers\fips.sys
2007/24/02 07:00a 33456 --a------ C:\WINNT\system32\drivers\netbios.sys
2007/24/02 07:00a 2800 --a------ C:\WINNT\system32\drivers\null.sys
2007/24/02 07:00a 272496 --a--c--- C:\WINNT\system32\drivers\cinemst2.sys
2007/24/02 07:00a 22000 --a--c--- C:\WINNT\system32\drivers\tsbvcap.sys
2007/24/02 07:00a 21712 --a------ C:\WINNT\system32\drivers\rca.sys
2007/24/02 07:00a 21328 --a------ C:\WINNT\system32\drivers\msfs.sys
2007/24/02 07:00a 19984 --a------ C:\WINNT\system32\drivers\ipinip.sys
2007/24/02 07:00a 19088 --a------ C:\WINNT\system32\drivers\cdaudio.sys
2007/24/02 07:00a 17424 --a--c--- C:\WINNT\system32\drivers\lvsound.sys
2007/24/02 07:00a 16880 --a------ C:\WINNT\system32\drivers\raspti.sys
2007/24/02 07:00a 15120 --a--c--- C:\WINNT\system32\drivers\usbintel.sys
2007/24/02 07:00a 14832 --a--c--- C:\WINNT\system32\drivers\smclib.sys
2007/24/02 07:00a 13968 --a------ C:\WINNT\system32\drivers\vga.sys
2007/24/02 07:00a 12880 --a--c--- C:\WINNT\system32\drivers\class2.sys
2007/24/02 07:00a 12560 --a------ C:\WINNT\system32\drivers\nwlnkflt.sys
2007/24/02 07:00a 12368 --a--c--- C:\WINNT\system32\drivers\fsvga.sys
2007/24/02 07:00a 12016 --a------ C:\WINNT\system32\drivers\ws2ifsl.sys
2007/24/02 07:00a 105840 --a--c--- C:\WINNT\system32\drivers\streams.sys
2007/24/02 07:00a 102160 --a--c--- C:\WINNT\system32\drivers\nbf.sys
2007/24/02 07:00a 10064 --a--c--- C:\WINNT\system32\drivers\dxapi.sys
2007/16/03 02:44p 163600 --a------ C:\WINNT\system32\drivers\netbt.sys
2007/09/04 03:27a 48512 --a------ C:\WINNT\system32\drivers\stream.sys
2007/09/04 01:58a 83968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007/09/04 01:58a 56832 --a--c--- C:\WINNT\system32\drivers\msdv.sys
2007/09/04 01:58a 18688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007/09/04 01:58a 16384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007/09/04 01:58a 15104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007/09/04 01:58a 14976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007/09/04 01:58a 11392 --a--c--- C:\WINNT\system32\drivers\bdasup.sys
2007/09/04 01:58a 10880 --a------ C:\WINNT\system32\drivers\slip.sys
2007/09/04 01:58a 10112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007/02/02 11:21a 70382 --a------ C:\WINNT\system32\drivers\lmouflt2.sys
2007/02/02 11:21a 6030 --a------ C:\WINNT\system32\drivers\lkbdflt2.sys
2007/02/02 11:21a 59246 --a--c--- C:\WINNT\system32\drivers\LSERMOU2.SYS
2007/02/02 11:21a 50830 --a------ C:\WINNT\system32\drivers\L8042pr2.sys
2007/02/02 11:21a 40508 --a--c--- C:\WINNT\system32\drivers\LHIDUSB.SYS
2007/02/02 11:21a 23854 --a--c--- C:\WINNT\system32\drivers\LHIDFLT2.SYS
2007/02/02 11:21a 13276 --a--c--- C:\WINNT\system32\drivers\LCCFLTR.SYS
2006/19/03 02:05p 9808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2006/19/03 02:05p 93360 --a------ C:\WINNT\system32\drivers\ndiswan.sys
2006/19/03 02:05p 9200 --a------ C:\WINNT\system32\drivers\ndistapi.sys
2006/19/03 02:05p 91408 --a------ C:\WINNT\system32\drivers\NWLNKIPX.SYS
2006/19/03 02:05p 87888 --a------ C:\WINNT\system32\drivers\mup.sys
2006/19/03 02:05p 86672 --a------ C:\WINNT\system32\drivers\atapi.sys
2006/19/03 02:05p 7728 --a------ C:\WINNT\system32\drivers\diskperf.sys
2006/19/03 02:05p 7600 --a------ C:\WINNT\system32\drivers\fs_rec.sys
2006/19/03 02:05p 74192 --a------ C:\WINNT\system32\drivers\SCSIPORT.SYS
2006/19/03 02:05p 73872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2006/19/03 02:05p 7312 --a------ C:\WINNT\system32\drivers\dmload.sys
2006/19/03 02:05p 67120 --a------ C:\WINNT\system32\drivers\ipnat.sys
2006/19/03 02:05p 65520 --a------ C:\WINNT\system32\drivers\nwlnknb.sys
2006/19/03 02:05p 64304 --a------ C:\WINNT\system32\drivers\ipsec.sys
2006/19/03 02:05p 62736 --a------ C:\WINNT\system32\drivers\serial.sys
2006/19/03 02:05p 62672 --a------ C:\WINNT\system32\drivers\udfs.sys
2006/19/03 02:05p 61680 --a------ C:\WINNT\system32\drivers\cdfs.sys
2006/19/03 02:05p 60496 --a------ C:\WINNT\system32\drivers\psched.sys
2006/19/03 02:05p 60208 --a------ C:\WINNT\system32\drivers\parallel.sys
2006/19/03 02:05p 59312 --a------ C:\WINNT\system32\drivers\pci.sys
2006/19/03 02:05p 57296 --a------ C:\WINNT\system32\drivers\irda.sys
2006/19/03 02:05p 57264 --a------ C:\WINNT\system32\drivers\mf.sys
2006/19/03 02:05p 56112 --a------ C:\WINNT\system32\drivers\DLC.SYS
2006/19/03 02:05p 53552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2006/19/03 02:05p 534192 --a------ C:\WINNT\system32\drivers\ntfs.sys
2006/19/03 02:05p 52112 --a------ C:\WINNT\system32\drivers\rasl2tp.sys
2006/19/03 02:05p 50640 --a------ C:\WINNT\system32\drivers\videoprt.sys
2006/19/03 02:05p 49776 --------- C:\WINNT\system32\drivers\usbhub20.sys
2006/19/03 02:05p 48496 --a------ C:\WINNT\system32\drivers\atmlane.sys
2006/19/03 02:05p 48464 --a------ C:\WINNT\system32\drivers\raspptp.sys
2006/19/03 02:05p 47568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2006/19/03 02:05p 46992 --a------ C:\WINNT\system32\drivers\isapnp.sys
2006/19/03 02:05p 46992 --a------ C:\WINNT\system32\drivers\i8042prt.sys
2006/19/03 02:05p 4624 --a------ C:\WINNT\system32\drivers\intelide.sys
2006/19/03 02:05p 40176 --a------ C:\WINNT\system32\drivers\usbhub.sys
2006/19/03 02:05p 37552 --a------ C:\WINNT\system32\drivers\nmnt.sys
2006/19/03 02:05p 369104 --a------ C:\WINNT\system32\drivers\dmboot.sys
2006/19/03 02:05p 35344 --a------ C:\WINNT\system32\drivers\redbook.sys
2006/19/03 02:05p 34832 --a------ C:\WINNT\system32\drivers\classpnp.sys
2006/19/03 02:05p 34704 --a------ C:\WINNT\system32\drivers\msgpc.sys
2006/19/03 02:05p 332144 --a------ C:\WINNT\system32\drivers\tcpip.sys
2006/19/03 02:05p 331088 --a------ C:\WINNT\system32\drivers\atmuni.sys
2006/19/03 02:05p 32848 --a------ C:\WINNT\system32\drivers\uhcd.sys
2006/19/03 02:05p 32272 --a------ C:\WINNT\system32\drivers\wanarp.sys
2006/19/03 02:05p 30768 --a------ C:\WINNT\system32\drivers\DISK.SYS
2006/19/03 02:05p 29168 --a------ C:\WINNT\system32\drivers\modem.sys
2006/19/03 02:05p 27984 --a------ C:\WINNT\system32\drivers\cdrom.sys
2006/19/03 02:05p 27440 --a------ C:\WINNT\system32\drivers\efs.sys
2006/19/03 02:05p 26256 --a------ C:\WINNT\system32\drivers\fdc.sys
2006/19/03 02:05p 25104 --a------ C:\WINNT\system32\drivers\parport.sys
2006/19/03 02:05p 24752 --a------ C:\WINNT\system32\drivers\hidclass.sys
2006/19/03 02:05p 24528 --a------ C:\WINNT\system32\drivers\kbdclass.sys
2006/19/03 02:05p 23056 --a------ C:\WINNT\system32\drivers\hidparse.sys
2006/19/03 02:05p 22064 --a------ C:\WINNT\system32\drivers\sonydcam.sys
2006/19/03 02:05p 22064 --a------ C:\WINNT\system32\drivers\pciidex.sys
2006/19/03 02:05p 21776 --a------ C:\WINNT\system32\drivers\mouclass.sys
2006/19/03 02:05p 21008 --a------ C:\WINNT\system32\drivers\agp440.sys
2006/19/03 02:05p 20688 --a------ C:\WINNT\system32\drivers\usbd.sys
2006/19/03 02:05p 20208 --a------ C:\WINNT\system32\drivers\msircomm.sys
2006/19/03 02:05p 19952 --a------ C:\WINNT\system32\drivers\irsir.sys
2006/19/03 02:05p 19920 --a------ C:\WINNT\system32\drivers\rasirda.sys
2006/19/03 02:05p 19728 --------- C:\WINNT\system32\drivers\usbehci.sys
2006/19/03 02:05p 19312 --a------ C:\WINNT\system32\drivers\flpydisk.sys
2006/19/03 02:05p 17840 --a------ C:\WINNT\system32\drivers\asyncmac.sys
2006/19/03 02:05p 17680 --a------ C:\WINNT\system32\drivers\ptilink.sys
2006/19/03 02:05p 173232 --a------ C:\WINNT\system32\drivers\UPDATE.SYS
2006/19/03 02:05p 170928 --a------ C:\WINNT\system32\drivers\ndis.sys
2006/19/03 02:05p 163120 --a------ C:\WINNT\system32\drivers\acpi.sys
2006/19/03 02:05p 16240 --a------ C:\WINNT\system32\drivers\tdi.sys
2006/19/03 02:05p 161072 --a------ C:\WINNT\system32\drivers\nwrdr.sys
2006/19/03 02:05p 148400 --a------ C:\WINNT\system32\drivers\sfmatalk.sys
2006/19/03 02:05p 148304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2006/19/03 02:05p 148208 --a------ C:\WINNT\system32\drivers\portcls.sys
2006/19/03 02:05p 14288 --a------ C:\WINNT\system32\drivers\diskdump.sys
2006/19/03 02:05p 14160 --a------ C:\WINNT\system32\drivers\serenum.sys
2006/19/03 02:05p 140496 --a------ C:\WINNT\system32\drivers\fastfat.sys
2006/19/03 02:05p 138288 --------- C:\WINNT\system32\drivers\usbport.sys
2006/19/03 02:05p 137936 --a------ C:\WINNT\system32\drivers\dmio.sys
2006/19/03 02:05p 12592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2006/19/03 02:05p 120240 --a------ C:\WINNT\system32\drivers\AFD.SYS
2006/19/03 02:05p 11984 --------- C:\WINNT\system32\drivers\ndisuio.sys
2006/19/03 02:05p 11792 --a------ C:\WINNT\system32\drivers\partmgr.sys
2006/19/03 02:05p 11536 --a------ C:\WINNT\system32\drivers\acpiec.sys
2006/19/03 02:05p 109584 --a------ C:\WINNT\system32\drivers\pcmcia.sys
2006/19/03 02:05p 10928 --a------ C:\WINNT\system32\drivers\tape.sys
2006/19/03 02:05p 10384 --a------ C:\WINNT\system32\drivers\sfloppy.sys
2006/19/03 02:05p 10288 --a------ C:\WINNT\system32\drivers\irenum.sys
2006/17/06 11:57a 12464 --a------ C:\WINNT\system32\drivers\CdaD10BA.SYS
2006/15/06 09:15p 8552 --a------ C:\WINNT\system32\drivers\asctrm.sys
2006/10/02 02:20p 12112 --a------ C:\WINNT\system32\drivers\LVUSBSta.sys
2006/10/02 02:16p 371766 --a------ C:\WINNT\system32\drivers\CamDrL21.sys
2005/31/06 06:53p 32328 --a------ C:\WINNT\system32\drivers\atwpkt264.sys
2005/31/06 06:53p 25160 --a------ C:\WINNT\system32\drivers\atwpkt2.sys
2005/03/05 12:10a 238928 --a------ C:\WINNT\system32\drivers\SRV.SYS
2004/11/02 10:21p 13335 -ra--c--- C:\WINNT\system32\drivers\usbcm.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} E:\programs\ActiveX\AcroIEHelper.dll
{0FBA1A47-CA02-4EEF-4A86-E82B295083BF} C:\Program Files\WindowsUpdate\lacu.dll
{2FA13BAB-7DEF-4A26-8B26-67AA4ADA29C6} \
{35ABA5C8-9807-46A8-AD57-0F66ECAF4455} \
{3DE88907-3E38-11D4-BEB2-CBE76C0598DD} C:\Program Files\ISP40\bin\BandObject.dll [x]
{46A9A505-DE6F-4C11-98CB-F9CD294C8F8F} \
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{8E01C5C0-B2AB-443A-8FC0-23F1BFFC5968} \
{C9475987-7FA0-4FDE-9115-8E754199206F} \
{CA2CFBDE-0F94-491B-9286-00C60C553954} C:\WINNT\system32\iifcdec.dll
{D0DBD288-F7A9-47AB-BA48-B9AFC77F5FF5} \

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"PrinTray"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"CARPService"="carpserv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150423870\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Bart Station"="C:\\Program Files\\ISP40\\hta\\station.sbrt"
"3P6WAHF5SNWXZ2"="C:\\WINNT\\system32\\JwqVfC.exe"
"ParentalFilter"="C:\\Program Files\\Parental Filter\\ParentalFilter.exe"
"Adobe Photo Downloader"="\"E:\\3.0\\Apps\\apdproxy.exe\""
"runner1"="C:\\WINNT\\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"MalwareBot"="C:\\Program Files\\MalwareBot\\MalwareBot.exe -boot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WebCamRT.exe"=""
"MBstRWJ6Q"="caponf.exe"
"updateMgr"="\"E:\\programs\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"zzzu"="C:\\Program Files\\Common Files\\zzzu\\zzzum.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Documents and Settings\for desk deco\Adam dig.JPG

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ E:\Documents and Settings\Amanda\My Documents\My Pictures\12-31-02DebAdam.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ E:\Documents and Settings\pictures\amandas pictures\2007_03_03\IMG_1216.JPG

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1DD7CBED-2F05-11D3-A521-00400514C916}"=""
"{CA2CFBDE-0F94-491B-9286-00C60C553954}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcdec

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\dfrg.job
C:\WINNT\tasks\Disk Cleanup.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 18:40:30
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: Mon 04/30/2007 18:41:12
C:\ComboFix-quarantined-files.txt ... 04/30/07 06:41p


I just wanted to add that I noticed it is all the C drive, and I also have a removable external drive (labeled E: extra disk). I'm not sure if this does or does not make any difference to anything.
While ComboFix was running my antivirus also popped up with viruses found and deleted (seems to be the same ones over and over).

Thanks for your help and quick reply,
Debbie

#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
We're making progress! :whistling:


Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.

    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please post the results of the AVG Anti-Spyware scan report along with a new HijackThis log.
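As an added example (not part of this thread, and not code from HijackThis or AVG), here is the kind of first-pass triage a helper does by eye on a HijackThis log: it flags a loopback IE proxy, win.ini load= hooks, orphaned or unnamed BHOs, and Run entries with generated-looking names. The sample lines are copied from the log posted in this thread; the thresholds in `looks_random` are my own heuristics, tuned so the legitimate entries in that log pass.

```python
"""Triage pass over HijackThis v1.99 log lines: surface the entries a helper reviews first."""
import re
from typing import Iterable, List, Tuple

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711",
    r"F1 - win.ini: load=c:\01comm32\bin\01comm32.exe",
    r"F2 - REG:system.ini: Shell=",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {2FA13BAB-7DEF-4A26-8B26-67AA4ADA29C6} - " "\\",
    r"O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll",
    r"O2 - BHO: 0 - {0FBA1A47-CA02-4EEF-4A86-E82B295083BF} - C:\Program Files\WindowsUpdate\lacu.dll (file missing)",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE",
    r"O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe",
    r"O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe",
]

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROXY_RE = re.compile(r",ProxyServer = (?P<value>.+)$")
INI_RE = re.compile(r"^(?:REG:)?(?P<ini>win\.ini|system\.ini): (?P<key>\w+)=(?P<value>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'([^\\"/]+?)\.exe\b', re.I)

Finding = Tuple[str, str, str]  # (section, reason, original line)


def looks_random(token: str, min_len: int, max_vowel_ratio: float) -> bool:
    """Heuristic (my own, not HijackThis's) for generated names: long enough and
    almost vowel-free. Tuned so PrinTray, LVCOMS etc. from the posted log pass."""
    letters = [c for c in token if c.isalpha()]
    if len(token) < min_len or len(letters) < 4:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return vowels / len(letters) <= max_vowel_ratio


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries worth a closer look, in log order. A flag is a prompt to
    verify the file or setting, not a verdict."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1":
            p = PROXY_RE.search(body)
            # A proxy on the loopback interface is how adware/trojans sit in the browsing path.
            if p and re.search(r"127\.0\.0\.1|localhost", p.group("value"), re.I):
                findings.append((sec, "IE proxy points at the loopback interface", line))
        elif sec in ("F0", "F1", "F2", "F3"):
            i = INI_RE.match(body)
            if i:
                key, value = i.group("key").lower(), i.group("value").strip()
                # load=/run= in win.ini is a legacy autostart almost never used legitimately.
                if key in ("load", "run") and value:
                    findings.append((sec, f"{i.group('ini')} {key}= autostart hook", line))
                elif key == "shell" and value.lower() != "explorer.exe":
                    findings.append((sec, "Shell= differs from the default Explorer.exe", line))
        elif sec == "O2":
            b = BHO_RE.match(body)
            if b:
                name, path = b.group("name"), b.group("path").strip()
                if path in ("", "\\") or path.endswith("(file missing)"):
                    findings.append((sec, "orphaned BHO registration (no DLL on disk)", line))
                elif name == "(no name)":
                    findings.append((sec, f"unnamed BHO loading {path}; verify the DLL", line))
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                name, cmd = r.group("name"), r.group("cmd")
                exe = EXE_RE.search(cmd)
                stem = exe.group(1) if exe else ""
                if looks_random(name, 8, 0.2) or looks_random(stem, 6, 0.0):
                    findings.append((sec, f"Run entry '{name}' ({stem}.exe) has a generated-looking name", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```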

#5
Deb JK608

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello Sam...
I did everything exactly as you said. I just want to let you know that when I was finishing with AVG it asked: "The file C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe can not be quarantined because it is embedded in the archive C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe Do you want to quarantine the whole archive?"
I clicked YES
It also asked the same question regarding:
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe can not be quarantined because it is embedded in the archive E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe
AND
C:\WINNT\ucmoreiex.exe/IUCMORE.DLL can not be quarantined because it is embedded in the archive C:\WINNT\ucmoreiex.exe/IUCMORE.DLL
I clicked YES to both of those as well.

When I finished and restarted my computer in normal mode my anti-virus program came up with these messages:
File name: C:\Documents and Settings\Amanda\Local Settings\Temporary internet Files\Content.IE5\SBIJDXYB\lo1[1]
infection: "Vundo!generic" Deleted
Filename: C\WINNT\System32\nnlii.dll infection: "Vundo!generic" Deleted
Filename: C\WINNT\System32\nnlii.dll infection: "Vundo!generic" Infected

Here are my log reports:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:10:12 PM 5/1/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
E:\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\KVIF_11.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute.1 -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Adware.CashBack : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINNT\system32\ffInst.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHelper.dll -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHelper.dll -> Adware.NavExcel : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHelper.dll -> Adware.NavExcel : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\v2.0.4c.cab/NHelper.dll -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\WINNT\system32\smpi1\win.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\zzzu\zzzud\zzzuc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Downloads\BellesBeautyBoutiqueSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
E:\Downloads\TheGameOfLifeSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\TTC.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\WINNT\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\WINNT\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\WINADX.0LL -> Adware.WinAD : Cleaned with backup (quarantined).
E:\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINNT\system32\smpi1\win33.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINNT\updater.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINNT\retadpu2000219.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINNT\system32\smpi1\win11.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\WINNT\b128.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\ATPartners.inf -> Downloader.Rameh.c : Cleaned with backup (quarantined).
C:\WINNT\bl4ck.com -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\zzzu\zzzup.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\zzzu\zzzud\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\zzzu\zzzua.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\WINNT\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\tskmgr.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
C:\Program Files\WindowsUpdate\lacu.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.247realmedia : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.2o7 : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.2o7 : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> TrackingCookie.Adserver : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq69.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Advertising : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Advertising : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> TrackingCookie.Atdmt : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq32.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Bfast : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Bluestreak : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Bridgetrack : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> TrackingCookie.Burstnet : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Burstnet : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp -> TrackingCookie.Casalemedia : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Casalemedia : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq6E.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Centrport : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Centrport : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Clickbank : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> TrackingCookie.Com : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Commission-junction : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> TrackingCookie.Coremetrics : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq74.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> TrackingCookie.Dealtime : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> TrackingCookie.Dealtime : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Dealtime : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq83.tmp -> TrackingCookie.Dealtime : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq84.tmp -> TrackingCookie.Dealtime : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Doubleclick : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> TrackingCookie.Falkag : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Falkag : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Fastclick : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> TrackingCookie.Fortunecity : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> TrackingCookie.Goclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp -> TrackingCookie.Hitbox : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Hitbox : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA8.tmp -> TrackingCookie.Linksynergy : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Mediaplex : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp -> TrackingCookie.Onestat : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Paycounter : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> TrackingCookie.Popuptraffic : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> TrackingCookie.Pro-market : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Qksrv : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Questionmarket : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Questionmarket : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> TrackingCookie.Realmedia : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Realmedia : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Realtracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp -> TrackingCookie.Realtracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Realtracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Revenue : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Ru4 : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Ru4 : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq91.tmp -> TrackingCookie.Serving-sys : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Serving-sys : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Sextracker : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> TrackingCookie.Spylog : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> TrackingCookie.Statcounter : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> TrackingCookie.Tradedoubler : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Trafficmp : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Trafficmp : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Tribalfusion : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Tribalfusion : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Valueclick : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Valueclick : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> TrackingCookie.Webtrendslive : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.X10 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Xxxcounter : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Xxxcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Zedo : Cleaned.
E:\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Zedo : Cleaned.
C:\temp\ja.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir -> Trojan.Rond : Cleaned with backup (quarantined).


::Report end

And my new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 10:48:49 PM, on 5/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
E:\QUICKENW\QWDLLS.EXE
E:\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Documents and Settings\Amanda\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0FBA1A47-CA02-4EEF-4A86-E82B295083BF} - C:\Program Files\WindowsUpdate\lacu.dll (file missing)
O2 - BHO: (no name) - {2FA13BAB-7DEF-4A26-8B26-67AA4ADA29C6} - \
O2 - BHO: (no name) - {35ABA5C8-9807-46A8-AD57-0F66ECAF4455} - \
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP40\bin\BandObject.dll (file missing)
O2 - BHO: (no name) - {46A9A505-DE6F-4C11-98CB-F9CD294C8F8F} - \
O2 - BHO: (no name) - {618AB4EC-F7AC-4459-A1EA-108039F75B59} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8E01C5C0-B2AB-443A-8FC0-23F1BFFC5968} - \
O2 - BHO: (no name) - {C9475987-7FA0-4FDE-9115-8E754199206F} - \
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll
O2 - BHO: (no name) - {D0DBD288-F7A9-47AB-BA48-B9AFC77F5FF5} - \
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP40\hta\station.sbrt
O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe
O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe
O4 - HKCU\..\Run: [updateMgr] "E:\programs\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [zzzu] C:\Program Files\Common Files\zzzu\zzzum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programs\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehous...ureball/abx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aava...olbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehous.../DinerDash2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149634915184
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave...gwebinstall.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106...lay/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.co...itched/main.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst...h/dinerdash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehous...opcaploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: iifcdec - C:\WINNT\SYSTEM32\iifcdec.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Again, thanks for your help!

#6 Buckeye_Sam, Malware Expert (Member, 10,019 posts)
You did everything perfectly! :whistling:
You can delete this folder if it's still present.

C:\Program Files\Common Files\zzzu


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F3 - REG:win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: 0 - {0FBA1A47-CA02-4EEF-4A86-E82B295083BF} - C:\Program Files\WindowsUpdate\lacu.dll (file missing)
O2 - BHO: (no name) - {2FA13BAB-7DEF-4A26-8B26-67AA4ADA29C6} - \
O2 - BHO: (no name) - {35ABA5C8-9807-46A8-AD57-0F66ECAF4455} - \
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP40\bin\BandObject.dll (file missing)
O2 - BHO: (no name) - {46A9A505-DE6F-4C11-98CB-F9CD294C8F8F} - \
O2 - BHO: (no name) - {618AB4EC-F7AC-4459-A1EA-108039F75B59} - \
O2 - BHO: (no name) - {8E01C5C0-B2AB-443A-8FC0-23F1BFFC5968} - \
O2 - BHO: (no name) - {C9475987-7FA0-4FDE-9115-8E754199206F} - \
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll
O2 - BHO: (no name) - {D0DBD288-F7A9-47AB-BA48-B9AFC77F5FF5} - \
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe
O4 - HKCU\..\Run: [zzzu] C:\Program Files\Common Files\zzzu\zzzum.exe
O20 - Winlogon Notify: iifcdec - C:\WINNT\SYSTEM32\iifcdec.dll



Reboot your computer.



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

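The lines Buckeye_Sam picks out in post #6 follow a small set of rules: a browser proxy pointed at 127.0.0.1, a win.ini load= entry, BHOs with no name or no file behind them, Run values with random-looking names or a bare filename, and a Winlogon Notify DLL. The Python below is an added example, not code from the thread or from HijackThis, that applies those rules to a constructed sample built from log lines posted in this thread. The regular expressions and the eight-character threshold for a "random-looking" value name are the editor's own choices, and anything the script cannot judge, such as the [zzzu] entry that only a malware database identifies, stays unflagged.

```python
"""Triage a HijackThis 1.99 log the way the helper above does by hand.

Added example, not part of the thread or of HijackThis.  The rules and
thresholds are the editor's choices; every hit is something to check,
not a verdict.
"""
import re

# Constructed sample: lines copied from the HijackThis logs posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FA13BAB-7DEF-4A26-8B26-67AA4ADA29C6} - \
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [3P6WAHF5SNWXZ2] C:\WINNT\system32\JwqVfC.exe
O4 - HKCU\..\Run: [MBstRWJ6Q] caponf.exe
O4 - HKCU\..\Run: [zzzu] C:\Program Files\Common Files\zzzu\zzzum.exe
O20 - Winlogon Notify: iifcdec - C:\WINNT\SYSTEM32\iifcdec.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""

RUN_LINE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
# 8+ letters and digits with at least one of each: no Windows or vendor entry
# in the logs above is named like this, but dropper-generated values often are.
RANDOM_NAME = re.compile(r'^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}$')
# "name.exe [args]" with no directory: Windows finds it via the search path,
# so the log line alone does not tell you which file actually runs.
BARE_FILE = re.compile(r'^"?[^\\/:"]+\.(?:exe|dll|com|scr|pif|bat)"?(?:\s.*)?$', re.I)
LOCAL_PROXY = re.compile(r'(?:^|[=;\s])(?:127\.0\.0\.1|localhost):\d+', re.I)


def triage(log_text):
    """Return [(line, reason)] for the entries a helper would look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        reasons = []
        if line.startswith('R1 - ') and 'ProxyServer' in line and LOCAL_PROXY.search(line):
            reasons.append('browser proxy forced through localhost')
        elif line.startswith(('F1 - ', 'F3 - ')) and line.partition('load=')[2].strip():
            reasons.append('win.ini load= autostart (legacy persistence)')
        elif line.startswith('F2 - ') and 'Shell=' in line:
            if line.partition('Shell=')[2].strip().lower() != 'explorer.exe':
                reasons.append('system.ini Shell= is not explorer.exe')
        elif line.startswith('O2 - BHO: '):
            name, _, rest = line[len('O2 - BHO: '):].partition(' - ')
            path = rest.partition(' - ')[2]          # text after the CLSID
            if name == '(no name)' or path in ('', '\\') or '(file missing)' in path:
                reasons.append('unnamed or orphaned BHO (loaded into every IE process)')
        elif line.startswith('O20 - Winlogon Notify:'):
            reasons.append('Winlogon Notify DLL runs inside winlogon.exe as SYSTEM')
        else:
            m = RUN_LINE.match(line)
            if m:
                name, cmd = m.groups()
                if RANDOM_NAME.match(name):
                    reasons.append('random-looking Run value name')
                if BARE_FILE.match(cmd):
                    reasons.append('bare filename resolved via the search path')
        if reasons:
            findings.append((line, '; '.join(reasons)))
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'{reason:60} | {line}')
```

Every hit is a review item rather than a verdict: mobsync.exe /logon is flagged only because it is a bare filename, and a legitimate content filter can also route the browser through a localhost proxy (this machine runs a Parental Filter), so the next step is always to confirm which file the entry actually resolves to. The O20 flag is unconditional because a Winlogon Notify DLL is loaded by winlogon.exe and runs as SYSTEM, which is also why the thread has it fixed first and why its disappearance (file missing) in the next log is the thing to look for.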

#7 Deb JK608, New Member, Topic Starter (5 posts)
BUCKEYE SAM - YOU ARE THE BEST!!! :whistling:

After I checked and fixed on hijackThis and I rebooted my computer, I was really excited to see that there were NOT any error messages!!! Thank you SO much!!

Here are the Panda activescan and new hijackThis reports:



Incident Status Location

Adware:adware/virtualbouncer Not disinfected C:\WINNT\system32\WrapperOuter.exe
Adware:adware/popmonster Not disinfected C:\Documents and Settings\Amanda\Favorites\shopping\eBay.url
Potentially unwanted tool:application/iprotectyou Not disinfected c:\winnt\system32\ipyun.exe
Adware:adware/ncase Not disinfected c:\winnt\180ax.log
Adware:adware/transponder Not disinfected c:\winnt\thin-114-1-x-x.exe
Adware:adware/winad Not disinfected c:\program files\Winad Client
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:adware/maxifiles Not disinfected Windows Registry
Adware:adware/navhelper Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:Adware/StatBlaster Not disinfected C:\balh.exe[WinWildApp.exe]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Amanda\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amanda\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Amanda\Desktop\SmitfraudFix\restart.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Transponder Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp
Spyware:Cookie/MetriWeb Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp
Spyware:Cookie/Peel Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp
Spyware:Cookie/Peel Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp
Adware:Adware/NavHelper Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUpdater.exe
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.dll.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.exe.vir
Adware:Adware/Sqwire Not disinfected C:\QooBox\Quarantine\C\WINNT\system32\tsuninst.exe.vir
Spyware:Spyware/New.net Not disinfected C:\temp\gorPUS.exe[win.exe]
Adware:Adware/TTC Not disinfected C:\temp\gorPUS.exe[win33.exe]
Adware:Adware/DeluxeComunications Not disinfected C:\temp\gorPUS.exe[win5.exe]
Virus:Trj/Downloader.NYN Not disinfected C:\temp\gorPUS.exe[win11.exe]
Adware:Adware/StatBlaster Not disinfected C:\winmsch.exe[WinWildApp.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Adware:Adware/TTC Not disinfected C:\WINNT\VTTC.exe
Adware:Adware/Transponder Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Spyware:Cookie/bravenetA Not disinfected E:\Yahoo!\YPSR\Quarantine\PPQ35.TMP
Spyware:Cookie/Maxserving Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq4B.tmp
Spyware:Cookie/MetriWeb Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq4D.tmp
Spyware:Cookie/Peel Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq4F.tmp
Spyware:Cookie/Maxserving Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq7B.tmp
Adware:Adware/NavHelper Not disinfected E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUpdater.exe


Logfile of HijackThis v1.99.1
Scan saved at 10:17:11 PM, on 5/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
E:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Amanda\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programs\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150423870\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP40\hta\station.sbrt
O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "E:\programs\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programs\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehous...ureball/abx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aava...olbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehous.../DinerDash2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149634915184
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave...gwebinstall.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106...lay/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.co...itched/main.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst...h/dinerdash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehous...opcaploader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: iifcdec - iifcdec.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Debbie :blink:

Edited by Deb JK608, 02 May 2007 - 08:27 PM.


#8 Buckeye_Sam, Malware Expert (Member, 10,019 posts)
Still a bit more cleaning up to do.

Please fix this line with Hijackthis.

O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINNT\system32\iifcdec.dll (file missing)


==============


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINNT\system32\WrapperOuter.exe
    C:\Documents and Settings\Amanda\Favorites\shopping\eBay.url
    c:\winnt\system32\ipyun.exe
    c:\winnt\180ax.log
    c:\winnt\thin-114-1-x-x.exe
    C:\balh.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\temp\gorPUS.exe
    C:\winmsch.exe
    C:\WINNT\nircmd.exe
    C:\WINNT\VTTC.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.


================


Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop-down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and paste those details into your next reply here.

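The Killbox list in post #8 is derived from the Panda ActiveScan report in post #7 by a fixed set of choices: keep "Not disinfected" locations that are real file paths, take the outer file when Panda reports a member inside an archive (C:\balh.exe[WinWildApp.exe]), and leave out registry entries, tracking cookies, the Yahoo and ComboFix quarantine stores, and the helper tools the user had been told to run. The Python below is an added example, not code from the thread, from Panda or from Killbox, that encodes those choices and reproduces the eleven paths. The sample report is an abridged copy of the one posted in post #7; the exclusion lists are assumptions tuned to this thread (C:\WINNT\system32\Process.exe is excluded only because post #8 left it alone), and Killbox's own behaviour is not modelled.

```python
"""Turn a Panda ActiveScan report into a Killbox delete list.

Added example, not part of the thread, of Panda or of Killbox.  The
exclusion lists are assumptions tuned to reproduce the list in post #8.
"""
import re

# Constructed sample: an abridged copy of the report posted above (every
# "Not disinfected" file kept, one or two lines of each kind that was left out).
PANDA_REPORT = r"""
Adware:adware/virtualbouncer Not disinfected C:\WINNT\system32\WrapperOuter.exe
Adware:adware/popmonster Not disinfected C:\Documents and Settings\Amanda\Favorites\shopping\eBay.url
Potentially unwanted tool:application/iprotectyou Not disinfected c:\winnt\system32\ipyun.exe
Adware:adware/ncase Not disinfected c:\winnt\180ax.log
Adware:adware/transponder Not disinfected c:\winnt\thin-114-1-x-x.exe
Adware:adware/winad Not disinfected c:\program files\Winad Client
Adware:adware/sqwire Not disinfected Windows Registry
Adware:Adware/StatBlaster Not disinfected C:\balh.exe[WinWildApp.exe]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Amanda\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amanda\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Amanda\Desktop\SmitfraudFix\restart.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Transponder Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.dll.vir
Spyware:Spyware/New.net Not disinfected C:\temp\gorPUS.exe[win.exe]
Virus:Trj/Downloader.NYN Not disinfected C:\temp\gorPUS.exe[win11.exe]
Adware:Adware/StatBlaster Not disinfected C:\winmsch.exe[WinWildApp.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Adware:Adware/TTC Not disinfected C:\WINNT\VTTC.exe
Adware:Adware/Transponder Not disinfected E:\Yahoo!\YPSR\Quarantine\ppq2F.tmp
"""

# "<category> <status> <location>"; the category itself may contain spaces.
LINE = re.compile(r'^(?P<cat>.+?) (?P<status>Not disinfected|Disinfected) (?P<loc>.+)$')
MEMBER = re.compile(r'^(?P<outer>.+?)\[[^\]]+\]$')    # C:\balh.exe[WinWildApp.exe]
DRIVE_PATH = re.compile(r'^[a-z]:\\')

# Choices made in the thread: cookies and quarantine stores are not live
# malware on disk, and the helper tools the user was told to run must stay.
SKIP_CATEGORY_PREFIXES = ('Spyware:Cookie/',)
SKIP_PATH_FRAGMENTS = ('\\quarantine\\', '\\cookies\\',
                       '\\desktop\\combofix', '\\desktop\\smitfraudfix')
# Left alone in post #8; assumed here to be a tool component, not an infection.
SKIP_EXACT = ('c:\\winnt\\system32\\process.exe',)


def killbox_list(report_text):
    """Return (files, folders, skipped).

    files   - ordered, de-duplicated paths to paste into Killbox
    folders - "Not disinfected" locations without a file extension
    skipped - [(location, reason)] for everything filtered out
    """
    files, folders, skipped, seen = [], [], [], set()
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            skipped.append((line, 'unparsed line'))
            continue
        cat, status, loc = m.group('cat', 'status', 'loc')
        inner = MEMBER.match(loc)
        if inner:                                  # archive member: delete the outer file
            loc = inner.group('outer')
        key = loc.lower()
        if status != 'Not disinfected':
            skipped.append((loc, 'status ' + status))
        elif not DRIVE_PATH.match(key):
            skipped.append((loc, 'not a file path'))
        elif cat.startswith(SKIP_CATEGORY_PREFIXES):
            skipped.append((loc, 'tracking cookie'))
        elif any(frag in key for frag in SKIP_PATH_FRAGMENTS):
            skipped.append((loc, 'quarantine store or helper tool'))
        elif key in SKIP_EXACT:
            skipped.append((loc, 'explicitly excluded'))
        elif key in seen:
            continue                               # same outer file, another member
        elif '.' not in key.rsplit('\\', 1)[-1]:
            folders.append(loc)
            seen.add(key)
        else:
            files.append(loc)
            seen.add(key)
    return files, folders, skipped


if __name__ == '__main__':
    files, folders, skipped = killbox_list(PANDA_REPORT)
    print('\n'.join(files))                        # one path per line, as pasted into Killbox
    for loc, why in skipped + [(f, 'folder, not queued') for f in folders]:
        print(f'# skipped ({why}): {loc}')
```

Folders are reported separately rather than queued, and everything filtered out comes back with its reason, so the list can be checked before it goes to the clipboard. Delete on Reboot queues the paths for the next boot (the PendingFileRenameOperations value Killbox prompts about); queueing a path that no longer exists is harmless, but a wrong path that does exist is deleted without any further check, which is why the filtered-out entries are worth a look before pasting.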

#9 Deb JK608, New Member, Topic Starter (5 posts)
Sam,
:whistling: Sorry it took me so long!

I was able to fix the line you told me to, in HijackThis and I had no problem with the killbox. When I downloaded CounterSpy, my first problem was that when it downloaded the updates, it said the "updates were unable to merge". I ran a full system scan... started it about 8pm and it was still running at 11:30... I went to bed and woke up the next morning and it was still running (My anti-virus program also ran at 1:00am, which may have interfered. ?) I finally aborted the scan. I have tried to run the scan again but, I can not get it to run. After 750 files it gives me messages about counterSpy not being active. I have tried shutting down my computer and re-booting. I also got a message that my virtual memory is low... which makes counterspy unable to finish. I was never able to get to a point where I got the view results and was able to go to : Under (Recommended Action),using the drop down menus at the side of each entry found,set EVERYTHING to Remove.
Then click on Take Action.

I am going to try to reboot my PC one more time and run a full scan to see if it works. If it does, I will post to you again with the results.

Here is the log from killbox and the first scan log (with nothing fixed or removed from counterspy)...

Pocket Killbox version 2.0.0.648
Running on Windows 2000 as Amanda(Administrator)
was started @ Friday, May 04, 2007, 6:25 PM

# 1 [Delete on Reboot]
Path = C:\WINNT\system32\WrapperOuter.exe


# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Amanda\Favorites\shopping\eBay.url


# 3 [Delete on Reboot]
Path = c:\winnt\system32\ipyun.exe


# 4 [Delete on Reboot]
Path = c:\winnt\180ax.log


# 5 [Delete on Reboot]
Path = c:\winnt\thin-114-1-x-x.exe


# 6 [Delete on Reboot]
Path = C:\balh.exe


# 7 [Delete on Reboot]
Path = C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe


# 8 [Delete on Reboot]
Path = C:\temp\gorPUS.exe


# 9 [Delete on Reboot]
Path = C:\winmsch.exe


# 10 [Delete on Reboot]
Path = C:\WINNT\nircmd.exe


# 11 [Delete on Reboot]
Path = C:\WINNT\VTTC.exe


I Rebooted @ 6:27:21 PM
Pocket Killbox version 2.0.0.648
Running on Windows 2000 as Amanda(Administrator)
was started @ Friday, May 04, 2007, 6:50 PM

Killbox Closed(Exit) @ 6:51:38 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows 2000 as Amanda(Administrator)
was started @ Friday, May 04, 2007, 8:01 PM

Killbox Closed(Exit) @ 8:02:51 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows 2000 as Amanda(Administrator)
was started @ Saturday, May 05, 2007, 10:17 AM

Killbox Closed(Exit) @ 10:18:32 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows 2000 as Amanda(Administrator)
was started @ Sunday, May 06, 2007, 10:40 AM




Scan History Details
Start Date: 5/4/2007 8:05:38 PM
End Date: 5/5/2007 12:18:45 PM
Total Time: 973 Min 7 Sec
Detected security risks

IBIS.WebSearch Toolbar Toolbar more information...
Details: WebSearch Toolbar is an Internet Explorer search hijacker.
Status: Ignored

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather application that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Ignored

Files detected
C:\PROGRAM FILES\AWS
C:\PROGRAM FILES\AWS\WEATHERBUG

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Control
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Implemented Categories
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\HELPDIR


NavExcel Search Toolbar Toolbar more information...
Status: Ignored

Files detected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHelper.htm
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUpdater.exe
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHelper.htm
E:\Yahoo!\YPSR\Quarantine\ppqE.tmp\NavHelper\v2.0.4c\NHUpdater.exe

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\APPID\{710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKEY_LOCAL_MACHINE\Software\Classes\APPID\{710BCB5B-8C6C-483E-A4F5-FAF083B13184}


WinAD Client Adware (General) more information...
Details: WinAD Client open pop-up windows, displaying german language content.
Status: Ignored

Files detected
C:\PROGRAM FILES\WINAD CLIENT


TargetSaver Browser Plug-in more information...
Details: TargetSaver is a program that displays advertising on the desktop and has the ability to download and install additional adware and malware.
Status: Ignored

Files detected
C:\QooBox\Quarantine\C\WINNT\system32\tsuninst.exe.vir


iProtectYou Surveillance (General) more information...
Details: iProtectYou is a program that filters web content and can restrict and monitor computer use.
Status: Ignored

Files detected
E:\Documents and Settings\moms nap music\ippro.exe

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\APPID\IPYSVC.EXE
HKEY_LOCAL_MACHINE\Software\Classes\APPID\IPYSVC.EXE


MediaPipe/MovieLand Hijacker more information...
Details: MediaPipe/MovieLand is an online content access program that badgers using into paying for the application if they do not cancel the "trial" within a certain time period.
Status: Ignored

Files detected
C:\WINNT\Downloaded Program Files\install.inf


PC MightyMax Rogue Security Program more information...
Status: Ignored

Files detected
C:\PROGRAM FILES\PC MIGHTYMAX\lic.conf
C:\PROGRAM FILES\PC MIGHTYMAX\lic.dat
C:\PROGRAM FILES\PC MIGHTYMAX\pcdocrx.conf
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_101.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_102.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_103.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_104.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_105.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_106.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_107.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_108.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_109.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_110.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_111.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_112.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_113.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_114.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_115.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_116.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_117.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_118.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_119.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_120.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_121.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_122.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_123.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_124.tmp
C:\PROGRAM FILES\PC MIGHTYMAX\tmp_res_x_125.tmp
C:\PROGRAM FILES\PC MIGHTYMAX
C:\PROGRAM FILES\PC MIGHTYMAX\UNDO