Please help me figure out what malware/spyware I have. [Closed]


This topic is locked.

#1 needanametouse (New Member, 2 posts)
I have run quite a few different programs like trendnet and other free scanners. They don't show up any viruses. I do know that my popups are getting more and more aggressive, and my computer is either becoming artificially intelligent or I have a virus that is really good at hiding. A little (or a lot) of help would be so appreciated.

I have NO clue what in the list to follow is good or bad. Maybe, hopefully, someone here can help me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:07 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\TSKS~1\smss.exe
C:\Documents and Settings\Colton\Application Data\Microsoft\Windows\dflwu.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\Words\Words.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\WINDOWS\QmFiZQ\command.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Colton\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Colton\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] "C:\WINDOWS\mrofinu572.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vipofurim] "C:\Program Files\MSN\vipofurim77798.exe"
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [34c604b5] "rundll32.exe" "C:\WINDOWS\system32\jptcwkll.dll",b
O4 - HKLM\..\Run: [IESet] "IExplorer.dll .dbt"
O4 - HKLM\..\Run: [BM37f53729] Rundll32.exe "C:\WINDOWS\system32\cobfqtpo.dll",s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [IESet] "IExplorer.dll .dbt"
O4 - HKCU\..\Run: [Attr] "C:\WINDOWS\system32\TSKS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Hanczp] C:\WINDOWS\system32\??pPatch\d?dplay.exe
O4 - HKCU\..\Run: [Router] "C:\Program Files\Router\Router.exe"
O4 - HKCU\..\Run: [WinTouch] "C:\Documents and Settings\Colton\Application Data\WinTouch\WinTouch.exe"
O4 - HKCU\..\Run: [SfKg6w] "C:\Documents and Settings\Colton\Application Data\Microsoft\Windows\dflwu.exe"
O4 - HKCU\..\Run: [kernel] "C:\Program Files\kernel\kernel.exe"
O4 - HKCU\..\Run: [Words] "C:\Program Files\Words\Words.exe"
O4 - HKCU\..\Run: [IESet] "IExplorer.dll .dbt"
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmFiZQ\command.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\dicowuupr.html

--
End of file - 8133 bytes


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello needanametouse

Welcome to G2Go. :)
==============================================
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\WinNB58.dll
    C:\WINDOWS\mrofinu572.exe
    C:\Program Files\MSN\vipofurim77798.exe
    C:\WINDOWS\system32\jptcwkll.dll
    C:\WINDOWS\system32\cobfqtpo.dll
    C:\Program Files\Router
    C:\Documents and Settings\Colton\Application Data\WinTouch
    C:\Documents and Settings\Colton\Application Data\Microsoft\Windows\dflwu.exe
    C:\Program Files\kernel
    C:\Program Files\Words
    C:\WINDOWS\QmFiZQ
    C:\Program Files\Network Monitor

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
After that please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit Spysweeper.
======================
Then please download ComboFix from here to your desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
==============================
Please post back with these logs:
New Hijackthis log
Combofix log
OTMoveIt log

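kahdah's list of files to move above comes from reading each O3/O4/O23 line of the HijackThis log by hand. The script below is an added example for this thread, not code from the original post and not a feature of HijackThis, OTMoveIt or ComboFix: it parses the line shapes that appear in the log (O3, O4, O15, O23) and applies the rules of thumb a removal helper uses to spot the same entries, such as a Windows core binary like smss.exe running from anywhere but system32, an executable launched from a user's Application Data, a Run value that is not a path at all, a service listed with "Unknown owner", a toolbar DLL sitting in system32, vowel-less or digit-suffixed file names, and any site added to the IE Trusted Zone. The sample lines are copied from the log in the first post; the rules and their thresholds are the example author's own assumptions, not a published signature.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example for the thread, not code from the original post and not a
feature of HijackThis, OTMoveIt or ComboFix. Parses the O3/O4/O15/O23 line
shapes seen in the posted log and applies rules of thumb; the rules and
thresholds are the example author's assumptions.
"""
import re

# Windows core binaries and the one directory each legitimately runs from
# (lower-case, no trailing backslash). A copy elsewhere is a masquerade.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

QUOTED = re.compile(r'"([^"]+)"')
TRAILING_DIGITS = re.compile(r"\d{3,}$")


def target_path(line):
    """Return the file an O3/O4/O23 entry points at, or None for other kinds."""
    kind, _, rest = line.partition(" - ")
    if kind in ("O3", "O23"):
        # "... - {CLSID} - C:\path\bar.dll"  /  "... - Vendor - C:\path\svc.exe"
        return rest.rsplit(" - ", 1)[-1].strip()
    if kind != "O4":
        return None
    if "] " in rest:                        # HKLM\..\Run: [name] command
        cmd = rest.split("] ", 1)[1]
    elif " = " in rest:                     # Global Startup: x.lnk = C:\path
        return rest.split(" = ", 1)[1].strip()
    else:
        return None
    quoted = QUOTED.findall(cmd)
    if quoted:
        # rundll32 is only the loader; the DLL it is handed is the real target
        if quoted[0].lower().endswith("rundll32.exe") and len(quoted) > 1:
            return quoted[1]
        return quoted[0]
    tokens = cmd.split()
    if tokens and tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0] if tokens else None    # unquoted paths with spaces get cut here


def flag(line):
    """Return the reasons an HJT line looks suspicious (empty list if none)."""
    kind = line.split(" - ", 1)[0]
    if kind == "O15":
        # Nothing on a home PC needs a site in IE's Trusted Zone; adware adds them.
        return ["site added to IE Trusted Zone"]
    path = target_path(line)
    if not path:
        return []
    reasons = []
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    if kind == "O23" and " - unknown owner - " in line.lower():
        reasons.append("service with no vendor (Unknown owner)")
    if "\\" not in path:
        reasons.append("Run value is not a path")          # e.g. IExplorer.dll .dbt
    if "?" in path:
        reasons.append("path contains characters HJT could not render")
    if "\\application data\\" in low:
        reasons.append("executable run from a user's Application Data")
    if name in SYSTEM_BINARIES and directory != SYSTEM_BINARIES[name]:
        reasons.append("system binary name outside " + SYSTEM_BINARIES[name])
    elif directory == r"c:\windows":
        reasons.append("executable dropped directly in C:\\WINDOWS")
    if kind == "O3" and directory == r"c:\windows\system32":
        reasons.append("browser toolbar DLL in system32 rather than a vendor folder")
    letters = re.sub(r"[^a-z]", "", stem)
    vowels = sum(c in "aeiouy" for c in letters)
    if name not in SYSTEM_BINARIES and len(letters) >= 7 and vowels / len(letters) < 0.2:
        reasons.append("machine-generated-looking name")
    if TRAILING_DIGITS.search(stem):
        reasons.append("random numeric suffix")
    return reasons


def triage(log_text):
    """Return {line: reasons} for every suspicious line, in log order."""
    hits = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = flag(line)
        if reasons:
            hits[line] = reasons
    return hits


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [runner1] "C:\WINDOWS\mrofinu572.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [34c604b5] "rundll32.exe" "C:\WINDOWS\system32\jptcwkll.dll",b
O4 - HKLM\..\Run: [IESet] "IExplorer.dll .dbt"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Attr] "C:\WINDOWS\system32\TSKS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Hanczp] C:\WINDOWS\system32\??pPatch\d?dplay.exe
O4 - HKCU\..\Run: [WinTouch] "C:\Documents and Settings\Colton\Application Data\WinTouch\WinTouch.exe"
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmFiZQ\command.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE).items():
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, nine of the fourteen lines are flagged and they line up with most of the paths in the OTMoveIt list. What the rules do not catch is just as instructive: C:\Program Files\kernel\kernel.exe, Words and Router pass every check, because a generic vendor-less folder under Program Files only stands out to someone who knows which products belong on that machine. Name-based heuristics are a first pass, not a verdict.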

#3 needanametouse (Topic Starter, New Member, 2 posts)
Thanks! Sounds somewhat easy to do, I will print this out and give it a try later. Thanks so much and I will keep you posted!

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.