[BxNeurotic]

I've been having problems with my computer where Internet Explorer windows keep on popping up nonstop every 30 seconds with sites like "WinAntiVirus"and "bid4prizes", which I really don't understand considering I use FireFox.

As soon as I turn on my computer, before I can even log in, a message pops up that says "This application has failed to start because MFC71.DLL was not found" and it says 'bcmwltry.exe-unable to locate component' in the top corner and every time I close it out it just reappears.

Naturally my computer has been running very slow as well. I keep doing Ad-Aware scans and getting at least 30 corrupted files each time, but nothing fixes the problem.

What is going on with my computer and how can I fix this? Any help would be appreciated.

[Advertisements]

There is information in the Malware forum about getting rid of WinAntivirusPro. I used it to remove it from a friend's computer and it worked well.

[Tyger]

There is information in the Malware forum about getting rid of WinAntivirusPro. I used it to remove it from a friend's computer and it worked well.

[BxNeurotic]

I checked out that Combofix, and just wanted someone to take a look at my logfile from the scan.



ComboFix 07-06-13.3 - C:\Documents and Settings\Lord Arson The Great\Desktop\ComboFix.exe
"Lord Arson The Great" - 2007-06-14 20:00:27 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ebhfpply.dll
C:\WINDOWS\system32\gdeswjgg.dll
C:\WINDOWS\system32\hbvylbam.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\otfdqatj.dll
C:\WINDOWS\system32\pttwvuxq.dll
C:\WINDOWS\system32\wiscnmrm.dll
C:\WINDOWS\system32\iifcawt.dll
C:\WINDOWS\system32\mljheba.dll
C:\WINDOWS\system32\ssqqrsr.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\system32\xycdd.tmp
C:\WINDOWS\system32\ggjwsedg.ini
C:\WINDOWS\system32\mablyvbh.ini
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\qxuvwttp.ini
C:\WINDOWS\system32\mrmncsiw.ini
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\system32\xycdd.tmp
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\system32\xycdd.tmp
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\fccdbcd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\DOCUME~1\LORDAR~1\APPLIC~1.\ppatch~1
C:\DOCUME~1\LORDAR~1\APPLIC~1.\ppatch~1\l?[bleep].exe
C:\DOCUME~1\LORDAR~1\APPLIC~1\Install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\netmon
C:\DOCUME~1\NETWOR~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\netmon\log.txt
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Internet Explorer\rybivoje.dll
C:\Program Files\Internet Explorer\vikokicu.html
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Program Files\webhancer\Programs\whagent.exe
C:\Program Files\webhancer\Programs\whAgent.ini
C:\Program Files\webhancer\Programs\whiehlpr.dll
C:\Program Files\webhancer\Programs\whinstaller.exe
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gwquvw.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\TG9yZCBBcnNvbiBUaGUgR3JlYXQ\asappsrv.dll
C:\WINDOWS\TG9yZCBBcnNvbiBUaGUgR3JlYXQ\command.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt
C:\WINDOWS\ystem3~1
C:\WINDOWS\ystem3~1\chkntfs.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\cmdService
-------\core
-------\Net Agent
-------\Network Monitor
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


2007-06-14 19:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 18:23 125,972 --a------ C:\WINDOWS\system32\edcybuqb.dll
2007-06-14 17:14 125,972 --a------ C:\WINDOWS\system32\qjfhnqjp.dll
2007-06-14 17:10 <DIR> d-------- C:\WINDOWS\ffzk
2007-06-14 17:10 <DIR> d-------- C:\Program Files\Common Files\ffzk
2007-06-14 16:55 <DIR> d--hs---- C:\WINDOWS\TG9yZCBBcnNvbiBUaGUgR3JlYXQ
2007-06-14 12:03 105,434 --a------ C:\WINDOWS\qwr67.exe
2007-06-13 19:38 60,928 --a------ C:\WINDOWS\system32\lfvsmbcq.dll
2007-06-13 14:37 62,516 --a------ C:\WINDOWS\system32\elwvxfpo.dll
2007-06-13 14:35 2,580 --a------ C:\WINDOWS\system32\aqxlccmq.exe
2007-06-13 14:22 <DIR> d-------- C:\Program Files\WinPop
2007-06-12 14:30 <DIR> d--hs---- C:\UWA7P
2007-06-12 14:25 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-12 14:22 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-12 14:22 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2007-06-12 14:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-06-12 14:15 46,592 --a------ C:\WINDOWS\avnqjpv.exe
2007-06-12 14:15 2 --a------ C:\WINDOWS\system32\wintisv.exe
2007-06-12 14:15 1,021,920 -r-hs---- C:\WINDOWS\avnqjpvA.exe
2007-06-12 14:15 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-12 14:15 <DIR> d-------- C:\WINDOWS\system32\o02PrEz
2007-06-12 14:15 <DIR> d-------- C:\WINDOWS\system32\A6
2007-06-12 14:15 <DIR> d-------- C:\WINDOWS\system32\A2
2007-06-12 14:15 <DIR> d-------- C:\WINDOWS\system32\A1
2007-06-12 14:15 <DIR> d-------- C:\Temp\iee
2007-06-12 14:15 <DIR> d-------- C:\Temp
2007-06-04 15:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-28 16:00 <DIR> d-------- C:\DOCUME~1\LORDAR~1\APPLIC~1\GlobalSCAPE
2007-05-28 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE
2007-05-28 15:59 <DIR> d-------- C:\Program Files\GlobalSCAPE
2007-05-25 02:56 <DIR> d-------- C:\DOCUME~1\LORDAR~1\APPLIC~1\Sonic
2007-05-25 02:56 <DIR> d-------- C:\DOCUME~1\LORDAR~1\APPLIC~1\Leadertech


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 20:50:31 -------- d-----w C:\Program Files\Online Services
2007-06-11 00:14:08 -------- d-----w C:\Program Files\Soulseek
2007-06-10 02:06:45 -------- d-----w C:\DOCUME~1\LORDAR~1\APPLIC~1\Corel
2007-06-10 02:06:09 56 --sh--r C:\WINDOWS\system32\3418928969.sys
2007-06-10 02:06:09 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-10 01:56:47 88 --sh--r C:\WINDOWS\system32\6989921834.sys
2007-06-05 16:35:12 -------- d-----w C:\Program Files\AIM6
2007-05-28 19:59:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 04:05:54 -------- d-----w C:\Program Files\Yahoo!
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 18:17:16 -------- d-----w C:\Program Files\thriXXX
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TG9yZCBBcnNvbiBUaGUgR3JlYXQ\n36VtF11wBhSv21ou3o0laL5srk.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\elwvxfpo.dll [2007-06-13 14:37]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 02:05]
{60737045-B906-46E9-828F-C4CA6B89F5DF}=C:\Program Files\MSN\nipyca.dll [2007-04-06 15:27]
{785B7902-B768-450B-A36E-EB4AFBBBCE49}=C:\WINDOWS\system32\edcybuqb.dll [2007-06-14 18:23]
{C12E6913-A8FE-DF2E-DF0B-8DADA8E574E4}=C:\WINDOWS\system32\lfvsmbcq.dll [2007-05-21 09:59]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\BAE\BAE.dll [2006-02-22 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 21:37]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 22:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-18 04:32]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 20:20]
"Salestart"="C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" []
"WinAntiVirus Pro 2007"="C:\Program Files\WinAntiVirus Pro 2007\WinAv.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"PC Registry Cleaner"="C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Sen"="C:\WINDOWS\YSTEM3~1\chkntfs.exe" []
"Ifetaqza"="C:\Documents and Settings\Lord Arson The Great\Application Data\??pPatch\l?[bleep].exe" []
"WinPop"="C:\Program Files\WinPop\winpop.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"ffzk"="C:\PROGRA~1\COMMON~1\ffzk\ffzkm.exe" [2006-07-19 14:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"=C:\Program Files\Video ActiveX Object\isamonitor.exe
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\vikokicu.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="C:\WINDOWS\system32\gwquvw.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="C:\WINDOWS\system32\gwquvw.dll" []



Contents of the 'Scheduled Tasks' folder
2007-06-10 13:42:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 20:46:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-14 20:47:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-14 20:47

--- E O F ---

[Major Payne]

Posting a log file here will not get you the help you need quickly enough if you are suspecting malware. We have a set procedure to follow in the Malware section of this forum that will help you through the steps required to ensure your machine is clean.

I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).


Ron

[BxNeurotic]

Ok, I'll do that then. But could someone tell me what this means first:

As soon as I turn on my computer, before I can even log in, a message pops up that says "This application has failed to start because MFC71.DLL was not found" and it says 'bcmwltry.exe-unable to locate component' in the top corner and every time I close it out it just reappears.

[BxNeurotic]

Hello? Anyone?

[Tyger]

You haven't followed the instructions, that's why you're not getting a reply here. Go to the Malware forum and follow the suggested procedures.