WinAntiVirusPro HELP PLEASE!


This topic is locked
2 replies to this topic

#1 arzsupra

    Member

  • New Member
  • 1 posts

Posted 29 June 2007 - 07:07 PM

I recently acquired the WinAntiVirusPro spyware, and I have no idea how to uninstall it. I've tried many spyware programs, but they don't seem to work. I looked up several forum posts on this subject, and realized this isn't an easy task.

I have both the ComboFix and HJT logs below.

I would appreciate any help, thanks again.



HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:51 PM, on 06/29/03
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {316E10F6-D31B-F998-1A11-F88DC976D3B5} - C:\WINDOWS\System32\ucweqge.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DC7F5C7A4E2938CF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D7790E31-3B37-4A47-B7D6-3FE9F528BD0D} - C:\Program Files\WindowsUpdate\holemun58441.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\MYDOCU~1\PPATCH~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Xsk] C:\WINDOWS\a?sembly\?ervices.exe
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\System32\QBPOSProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Intuit Entitlement Service v2 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBPOS Database Extended Manager (QBPOSDBExtServices) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe



ComboFix log:


"Owner" - 2003-06-29 16:45:36 - ComboFix 07-06-27.7 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\aiuylord.dll
C:\WINDOWS\system32\emancpvs.dll
C:\WINDOWS\system32\ljjigeb.dll
C:\WINDOWS\system32\ujgoqhih.dll
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\svpcname.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\byxyaww.dll
C:\WINDOWS\system32\geeba.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Owner\MYDOCU~1.\ppatch~1
C:\DOCUME~1\Owner\MYDOCU~1.\ppatch~1\winword.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Documents and Settings\Owner.\err.log
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1831OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Online Services\progyrtajyg.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.7.4\wbuninst.exe
C:\Program Files\web buying\v1.7.4\webbuying.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\asembl~1
C:\WINDOWS\asembl~1\?ervices.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\0x57.exe
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\abcdefgh.dll
C:\WINDOWS\system32\crqroqes.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\KB17335212.exe
C:\WINDOWS\system32\KB26583367.exe
C:\WINDOWS\system32\KB54091001.exe
C:\WINDOWS\system32\KB94634763.exe
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\system32\kxamxww.dll
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\S0
C:\WINDOWS\system32\S0\cogyaga58441.exe
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\S1\bk53.exe
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S4\wen2.exe
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S6\wr613.exe
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\S7\wbb22.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wtssu32.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\DomainService
-------\Windows Overlay Components


((((((((((((((((((((((((( Files Created from 2003-05-28 to 2003-06-29 )))))))))))))))))))))))))))))))


2003-06-29 16:46 62,516 --a------ C:\WINDOWS\system32\gswtkhyt.dll
2003-06-29 16:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2003-06-29 16:19 76,412 --a------ C:\WINDOWS\system32\amuncety.dll
2003-06-29 16:19 124,436 --a------ C:\WINDOWS\system32\uxlrpadv.dll
2003-06-29 16:17 4,628 --a------ C:\WINDOWS\system32\biyrlbmw.exe
2003-06-29 15:57 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2003-06-29 15:54 60,928 --a------ C:\WINDOWS\system32\ucweqge.dll
2003-06-29 15:47 0 --a------ C:\WINDOWS\nsreg.dat
2003-06-29 15:46 <DIR> d-------- C:\Program Files\Lavasoft
2003-06-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2003-06-29 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2003-06-29 15:42 <DIR> d-------- C:\Downloads
2003-06-29 14:43 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2003-06-22 11:29 1 --a------ C:\WINDOWS\system32\fontqxet.dll
2003-06-22 11:16 <DIR> d-------- C:\WINDOWS\RCXUROLIFC9MJGDA
2003-06-22 10:39 405 --a------ C:\WINDOWS\system32\cmnocfg.xml.dat
2003-06-20 10:42 618,881 --a------ C:\Temp\aZ001.exe
2003-06-20 10:42 40,960 --a------ C:\bot.exe
2003-06-04 17:40 995,384 --a------ C:\WINDOWS\system32\mfc42u.dll
2003-06-04 17:40 995,383 --a------ C:\WINDOWS\system32\mfc42.dll
2003-06-04 17:40 99,840 --a------ C:\WINDOWS\system32\mprmsg.dll
2003-06-04 17:40 99,840 --a------ C:\WINDOWS\system32\iexpress.exe
2003-06-04 17:40 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2003-06-04 17:40 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
2003-06-04 17:40 968,192 --a------ C:\WINDOWS\system32\msgina.dll
2003-06-04 17:40 945,693 --a------ C:\WINDOWS\system32\msjava.dll
2003-06-04 17:40 94,282 --a------ C:\WINDOWS\system32\msencode.dll
2003-06-04 17:40 924,432 --a------ C:\WINDOWS\system32\mfc40u.dll
2003-06-04 17:40 924,432 --a------ C:\WINDOWS\system32\mfc40.dll
2003-06-04 17:40 92,160 --a------ C:\WINDOWS\system32\krnl386.exe
2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\loadperf.dll
2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2003-06-04 17:40 9,936 --a------ C:\WINDOWS\system32\lzexpand.dll
2003-06-04 17:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2003-06-04 17:40 9,728 --a------ C:\WINDOWS\system32\label.exe
2003-06-04 17:40 9,728 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\finger.exe
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\find.exe
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\diskcomp.com
2003-06-04 17:40 9,029 --a------ C:\WINDOWS\system32\ansi.sys
2003-06-04 17:40 89,600 --a------ C:\WINDOWS\system32\langwrbk.dll
2003-06-04 17:40 89,600 --a------ C:\WINDOWS\system32\cscdll.dll
2003-06-04 17:40 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2003-06-04 17:40 882 --a------ C:\WINDOWS\system32\fastopen.exe
2003-06-04 17:40 87,040 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2003-06-04 17:40 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2003-06-04 17:40 86,528 --a------ C:\WINDOWS\system32\iassam.dll
2003-06-04 17:40 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2003-06-04 17:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2003-06-04 17:40 84,992 --a------ C:\WINDOWS\system32\dskquota.dll
2003-06-04 17:40 83,968 --a------ C:\WINDOWS\system32\ipxmontr.dll
2003-06-04 17:40 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2003-06-04 17:40 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2003-06-04 17:40 817 --a------ C:\WINDOWS\system32\mscdexnt.exe
2003-06-04 17:40 81,408 --a------ C:\WINDOWS\system32\fsusd.dll
2003-06-04 17:40 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\mciavi32.dll
2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\cabview.dll
2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\autodisc.dll
2003-06-04 17:40 80,128 --a------ C:\WINDOWS\system32\msapsspc.dll
2003-06-04 17:40 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2003-06-04 17:40 8,704 --a------ C:\WINDOWS\system32\lprhelp.dll
2003-06-04 17:40 8,704 --a------ C:\WINDOWS\system32\eventvwr.exe
2003-06-04 17:40 8,424 --a------ C:\WINDOWS\system32\exe2bin.exe
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mountvol.exe
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mciole16.dll
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mag_hook.dll
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\lpr.exe
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\control.exe
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\cidaemon.exe
2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2003-06-04 17:40 792,064 --a------ C:\WINDOWS\system32\comres.dll
2003-06-04 17:40 79,488 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\mprapi.dll
2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\makecab.exe
2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\fontsub.dll
2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\diantz.exe
2003-06-04 17:40 780,928 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2003-06-04 17:40 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2003-06-04 17:40 774,144 --a------ C:\WINDOWS\system32\mmc.exe
2003-06-04 17:40 77,850 --a------ C:\WINDOWS\system32\hlink.dll
2003-06-04 17:40 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2003-06-04 17:40 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll
2003-06-04 17:40 76,800 --a------ C:\WINDOWS\system32\gcdef.dll
2003-06-04 17:40 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2003-06-04 17:40 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2003-06-04 17:40 74,810 --a------ C:\WINDOWS\system32\atl.dll
2003-06-04 17:40 74,240 --a------ C:\WINDOWS\system32\dhcpsapi.dll
2003-06-04 17:40 73,728 --a------ C:\WINDOWS\system32\ils.dll
2003-06-04 17:40 73,728 --a------ C:\WINDOWS\system32\csseqchk.dll
2003-06-04 17:40 73,216 --a------ C:\WINDOWS\system32\avwav.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 23:23:58 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-19 23:08:46 193 ----a-w C:\WINDOWS\system32\qviexio3.dat
2007-06-18 22:32:11 82,096 ----a-w C:\DOCUME~1\Owner\APPLIC~1\sysprotectscannerinstall[1].exe
2007-06-18 22:16:23 89,288 ----a-w C:\DOCUME~1\Owner\APPLIC~1\errorsafefreeinstallw[1].exe
2007-06-18 21:55:48 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Error Safe Free
2007-06-18 21:46:04 2,580 ----a-w C:\WINDOWS\system32\xkosmawc.exe
2007-06-18 21:09:25 46,592 ----a-w C:\WINDOWS\gkzhwtl.exe
2007-06-15 16:48:23 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-06-13 18:12:24 -------- d-----w C:\Program Files\TaxCut Business 2006
2007-06-04 22:26:01 -------- d-----w C:\Program Files\ItsDeductible2005
2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 16:38:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Motive
2007-06-01 21:39:45 1,467 ----a-w C:\WINDOWS\mozver.dat
2007-05-17 19:13:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Talkback
2007-05-15 20:59:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-14 17:50:51 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Z-Firm LLC
2007-05-11 16:46:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SpamBlockerUtility_Icons
2007-05-10 23:28:07 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SpamBlocker
2007-05-10 23:28:00 -------- d-----w C:\Program Files\Hotbar
2007-04-27 01:53:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\pdf995
2007-04-17 16:56:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Intuit
2007-04-17 16:55:55 -------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-04-17 16:53:44 -------- d-----w C:\Program Files\TurboTax
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-13 20:29:31 21,822,168 ----a-w C:\AdbeRdr80_en_US.exe
2007-04-11 18:35:42 -------- d--h--r C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-04-08 23:29:33 -------- d-----w C:\Program Files\Easy Internet signup
2007-04-08 23:23:33 -------- d-----w C:\Program Files\AWS
2007-04-08 23:17:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-08 23:16:41 -------- d-----w C:\Program Files\Symantec
2007-04-08 23:12:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Sammsoft
2007-04-05 21:45:40 -------- d-----w C:\Program Files\RC Consulting, Inc. - Images
2007-04-04 21:22:52 -------- d-----w C:\Program Files\Restored_RC Consulting, Inc._Files
2007-04-04 21:16:49 -------- d-----w C:\Program Files\Intuit
2007-04-04 21:16:26 -------- d-----w C:\Program Files\Common Files\supportsoft
2007-04-04 21:10:32 -------- d-----w C:\Program Files\Common Files\Intuit
2007-04-04 21:05:43 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-03 01:55:52 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-04-02 19:16:59 34 ----a-w C:\WINDOWS\system32\BD2070N.DAT
2007-04-02 19:09:45 -------- d-----w C:\Program Files\Brownie
2007-04-02 19:09:26 -------- d-----w C:\Program Files\Brother
2007-04-02 19:08:49 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-01 01:49:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real
2007-03-31 02:38:43 -------- d-----w C:\Program Files\Yahoo!
2007-03-31 02:07:21 -------- d-----w C:\Program Files\BroadJump
2007-03-27 21:43:06 28,276 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-03-27 21:33:25 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-22 21:32:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Peachtree
2007-03-22 21:30:13 -------- d-----w C:\Program Files\Sage Software
2007-03-22 21:29:07 -------- d-----w C:\Program Files\Common Files\Peach
2007-03-22 21:28:04 -------- d-----w C:\Program Files\Crystal Decisions
2007-03-22 21:28:04 -------- d-----w C:\Program Files\Common Files\Crystal Decisions
2007-03-22 21:02:09 -------- d-----w C:\Program Files\DeductionPro 2006
2007-03-22 20:57:58 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-03-22 20:57:58 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-03-22 20:51:51 -------- d-----w C:\Program Files\Common Files\ATX
2006-09-29 19:35:06 -------- d-----w C:\Program Files\TaxCut Business 2005
2006-09-29 17:34:52 -------- d-----r C:\DOCUME~1\Owner\APPLIC~1\Brother
2006-09-19 06:27:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InterVideo
2006-09-19 05:25:33 -------- d-----w C:\Program Files\Windows NT
2006-09-19 05:25:29 -------- d-----w C:\Program Files\Movie Maker
2006-09-19 05:25:29 -------- d-----w C:\Program Files\Messenger
2006-09-06 01:54:28 1,721,952 ----a-w C:\WINDOWS\system32\InetClnt.dll
2006-07-28 02:33:48 423,016 ----a-w C:\WINDOWS\system32\Gsw32.exe
2006-07-28 02:33:48 242,816 ----a-w C:\WINDOWS\system32\Gswag32.dll
2006-07-28 02:33:48 152,688 ----a-w C:\WINDOWS\system32\gswdll32.dll
2006-07-17 19:20:28 306,832 ----a-w C:\WINDOWS\system32\tx12_xml.dll
2006-07-17 19:19:34 56,976 ----a-w C:\WINDOWS\system32\tx12_wnd.dll
2006-07-17 19:18:44 130,704 ----a-w C:\WINDOWS\system32\tx12_tls.dll
2006-07-17 19:17:34 364,176 ----a-w C:\WINDOWS\system32\tx12_rtf.dll
2006-07-17 19:16:46 519,824 ----a-w C:\WINDOWS\system32\tx12_pdf.dll
2006-07-17 19:15:56 343,696 ----a-w C:\WINDOWS\system32\tx12_obj.dll
2006-07-17 19:14:28 110,224 ----a-w C:\WINDOWS\system32\tx12_ic.dll
2006-07-17 19:13:48 229,008 ----a-w C:\WINDOWS\system32\tx12_htm.dll
2006-07-17 19:13:04 482,960 ----a-w C:\WINDOWS\system32\tx12_doc.dll
2006-07-17 19:12:20 261,776 ----a-w C:\WINDOWS\system32\tx12_css.dll
2006-07-17 19:11:36 667,280 ----a-w C:\WINDOWS\system32\tx12.dll
2006-07-17 19:04:24 741,008 ----a-w C:\WINDOWS\system32\SPR32D30.DLL
2006-07-17 19:02:04 638,608 ----a-w C:\WINDOWS\system32\Gsprop32.dll
2006-07-06 17:03:35 266,240 ------w C:\WINDOWS\SBCDSL.exe
2006-04-12 17:11:44 1,933,312 ----a-w C:\WINDOWS\system32\cdintf251.dll
2005-10-24 18:26:12 146,944 ----a-w C:\WINDOWS\system32\QBPOSProtocol.dll
2005-09-23 14:29:16 626,688 ----a-w C:\WINDOWS\system32\msvcr80.dll
2005-03-18 06:54:03 99,544 ----a-w C:\WINDOWS\system32\GetFlash.exe
2004-12-04 01:48:58 65,536 ----a-w C:\WINDOWS\COMRegTL.exe
2004-10-12 08:24:00 188,416 ----a-w C:\WINDOWS\system32\Pdrvinst.dll
2004-10-04 08:03:00 36,864 ----a-w C:\WINDOWS\system32\BRVPDNTA.DLL
2004-09-24 07:00:00 24,223 ----a-w C:\WINDOWS\system32\brlm03a.dll
2004-09-17 07:00:00 196,608 ----a-w C:\WINDOWS\system32\Brdiag2.exe
2004-08-16 07:00:00 73,728 ----a-w C:\WINDOWS\system32\BRRBTOOL.EXE
2004-07-15 07:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
2004-07-15 06:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
2004-07-10 22:28:28 172,032 ----a-w C:\WINDOWS\system32\rsUtil.dll
2003-10-28 21:10:06 72,192 ----a-w C:\WINDOWS\system32\Ssprn32.dll
2003-10-28 21:10:06 61,440 ----a-w C:\WINDOWS\system32\Ssmedt32.dll
2003-10-28 21:10:06 368,912 ----a-w C:\WINDOWS\system32\Vbar332.dll
2003-10-28 21:10:06 102,469 ----a-w C:\WINDOWS\system32\VBPrnDlg.dll
2003-10-28 21:10:04 216,064 ----a-w C:\WINDOWS\system32\Cp5dll32.dll
1989-12-12 17:10:10 451,920 --sh--r C:\WINDOWS\gkzhwtlA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]
{316E10F6-D31B-F998-1A11-F88DC976D3B5}=C:\WINDOWS\System32\ucweqge.dll [2007-06-20 07:49]
{4B18DD50-C996-44fc-AC52-0FECFF82ED58}=c:\program files\spamblockerutility\sbtv\sbtvhelper.dll []
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\common\yiesrvc.dll [2006-10-31 16:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 01:03]
{D7790E31-3B37-4A47-B7D6-3FE9F528BD0D}=C:\Program Files\WindowsUpdate\holemun58441.dll [2007-06-14 04:54]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 18:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 07:27]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 17:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-09 23:36]
"nwiz"="nwiz.exe" [2003-03-03 11:44 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"uwas7cw"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 22:08]
"Notn"="C:\DOCUME~1\Owner\MYDOCU~1\PPATCH~1\winword.exe" []
"Xsk"="C:\WINDOWS\a?sembly\?ervices.exe" []
"SysProtect Free"="C:\Program Files\SysProtect Free\USYP.exe" []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Online Services\progyrtajyg.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

Contents of the 'Scheduled Tasks' folder
2006-09-29 17:40:17 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2003-06-29 16:53:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2003-06-29 16:56:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2003-06-29 16:55

--- E O F ---

#2 miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 17 July 2007 - 11:26 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#3 miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 28 July 2007 - 05:35 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuation of existing problems, please tell the moderating team by replying here.
This applies only to the original topic starter.

Everyone else please begin a New Topic.
