arzsupra

WinAntiVirusPro HELP PLEASE!

3 posts in this topic

I recently acquired the WinAntiVirusPro spyware, and I have no idea how to uninstall it. I've tried many spyware programs, but they don't seem to work. I looked up several forum posts on this subject, and realized this isn't an easy task.

I have both the ComboFix and HJT logs below.

I would appreciate any help, thanks again.

HJT-

 

Logfile of HijackThis v1.99.1

Scan saved at 5:05:51 PM, on 06/29/03

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {316E10F6-D31B-F998-1A11-F88DC976D3B5} - C:\WINDOWS\System32\ucweqge.dll

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DC7F5C7A4E2938CF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll (file missing)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {D7790E31-3B37-4A47-B7D6-3FE9F528BD0D} - C:\Program Files\WindowsUpdate\holemun58441.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\MYDOCU~1\PPATCH~1\winword.exe" -vt yazb

O4 - HKCU\..\Run: [Xsk] C:\WINDOWS\a?sembly\?ervices.exe

O4 - HKCU\..\Run: [sysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll

O15 - Trusted Zone: *.sbcglobal.net

O15 - Trusted Zone: http://*.sbcglobal.net

O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\System32\QBPOSProtocol.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Intuit Entitlement Service v2 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: QBPOS Database Extended Manager (QBPOSDBExtServices) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe

 

 

 

ComboThis

 

 

"Owner" - 2003-06-29 16:45:36 - ComboFix 07-06-27.7 - Service Pack 1 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\awtqo.dll

C:\WINDOWS\system32\aiuylord.dll

C:\WINDOWS\system32\emancpvs.dll

C:\WINDOWS\system32\ljjigeb.dll

C:\WINDOWS\system32\ujgoqhih.dll

C:\WINDOWS\system32\oqtwa.ini

C:\WINDOWS\system32\svpcname.ini

C:\WINDOWS\system32\abeeg.bak1

C:\WINDOWS\system32\abeeg.bak2

C:\WINDOWS\system32\abeeg.ini

C:\WINDOWS\system32\abeeg.bak1

C:\WINDOWS\system32\abeeg.bak2

C:\WINDOWS\system32\abeeg.ini

C:\WINDOWS\system32\byxyaww.dll

C:\WINDOWS\system32\geeba.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor

C:\DOCUME~1\Owner\MYDOCU~1.\ppatch~1

C:\DOCUME~1\Owner\MYDOCU~1.\ppatch~1\winword.exe

C:\Documents and Settings\All Users.\documents\settings

C:\Documents and Settings\All Users.\documents\settings\desktop.ini

C:\Documents and Settings\All Users.\documents\settings\partnership.dll

C:\Documents and Settings\Owner.\err.log

C:\Program Files\Common Files\curity~1

C:\Program Files\Common Files\winantispyware 2007

C:\Program Files\Common Files\winantispyware 2007\err.log

C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe

C:\Program Files\Common Files\Yazzle1549OinAdmin.exe

C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe

C:\Program Files\Common Files\Yazzle1831OinUninstaller.exe

C:\Program Files\inetget2

C:\Program Files\Online Services\progyrtajyg.html

C:\Program Files\outerinfo

C:\Program Files\outerinfo\Terms.rtf

C:\Program Files\poolsv

C:\Program Files\poolsv\k11u72.exe

C:\Program Files\poolsv\svhost.exe

C:\Program Files\poolsv\wr-1-0000077.exe

C:\Program Files\poolsv\YazzleBundle-1549.exe

C:\Program Files\web buying

C:\Program Files\web buying\v1.7.4\wbuninst.exe

C:\Program Files\web buying\v1.7.4\webbuying.exe

C:\temp\0b9

C:\temp\0b9\tmpTF.log

C:\temp\iee

C:\temp\iee\tmpZTF.log

C:\temp\tn3

C:\WINDOWS\asembl~1

C:\WINDOWS\asembl~1\?ervices.exe

C:\WINDOWS\b122.exe

C:\WINDOWS\dls0523pmw.exe

C:\WINDOWS\offun.exe

C:\WINDOWS\poolsv.exe

C:\WINDOWS\retadpu1000106.exe

C:\WINDOWS\system32\0x57.exe

C:\WINDOWS\system32\2_exception.nls

C:\WINDOWS\system32\abcdefgh.dll

C:\WINDOWS\system32\crqroqes.exe

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\drivers\fopn.sys

C:\WINDOWS\system32\drivers\runtime2.sys

C:\WINDOWS\system32\drivers\secdrv.sys

C:\WINDOWS\system32\KB17335212.exe

C:\WINDOWS\system32\KB26583367.exe

C:\WINDOWS\system32\KB54091001.exe

C:\WINDOWS\system32\KB94634763.exe

C:\WINDOWS\system32\ksys.sys

C:\WINDOWS\system32\kxamxww.dll

C:\WINDOWS\system32\o09PrEz

C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe

C:\WINDOWS\system32\poof

C:\WINDOWS\system32\S0

C:\WINDOWS\system32\S0\cogyaga58441.exe

C:\WINDOWS\system32\S1

C:\WINDOWS\system32\S1\bk53.exe

C:\WINDOWS\system32\S4

C:\WINDOWS\system32\S4\wen2.exe

C:\WINDOWS\system32\S6

C:\WINDOWS\system32\S6\wr613.exe

C:\WINDOWS\system32\S7

C:\WINDOWS\system32\S7\wbb22.exe

C:\WINDOWS\system32\svcp.csv

C:\WINDOWS\system32\win

C:\WINDOWS\system32\winsub.xml

C:\WINDOWS\system32\wtssu32.exe

C:\WINDOWS\wr.txt

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

-------\core

-------\DomainService

-------\Windows Overlay Components

 

 

((((((((((((((((((((((((( Files Created from 2003-05-28 to 2003-06-29 )))))))))))))))))))))))))))))))

 

 

2003-06-29 16:46 62,516 --a------ C:\WINDOWS\system32\gswtkhyt.dll

2003-06-29 16:44 49,152 --a------ C:\WINDOWS\nircmd.exe

2003-06-29 16:19 76,412 --a------ C:\WINDOWS\system32\amuncety.dll

2003-06-29 16:19 124,436 --a------ C:\WINDOWS\system32\uxlrpadv.dll

2003-06-29 16:17 4,628 --a------ C:\WINDOWS\system32\biyrlbmw.exe

2003-06-29 15:57 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2003-06-29 15:54 60,928 --a------ C:\WINDOWS\system32\ucweqge.dll

2003-06-29 15:47 0 --a------ C:\WINDOWS\nsreg.dat

2003-06-29 15:46 <DIR> d-------- C:\Program Files\Lavasoft

2003-06-29 15:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2003-06-29 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2003-06-29 15:42 <DIR> d-------- C:\Downloads

2003-06-29 14:43 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic

2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

2003-06-29 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute

2003-06-22 11:29 1 --a------ C:\WINDOWS\system32\fontqxet.dll

2003-06-22 11:16 <DIR> d-------- C:\WINDOWS\RCXUROLIFC9MJGDA

2003-06-22 10:39 405 --a------ C:\WINDOWS\system32\cmnocfg.xml.dat

2003-06-20 10:42 618,881 --a------ C:\Temp\aZ001.exe

2003-06-20 10:42 40,960 --a------ C:\bot.exe

2003-06-04 17:40 995,384 --a------ C:\WINDOWS\system32\mfc42u.dll

2003-06-04 17:40 995,383 --a------ C:\WINDOWS\system32\mfc42.dll

2003-06-04 17:40 99,840 --a------ C:\WINDOWS\system32\mprmsg.dll

2003-06-04 17:40 99,840 --a------ C:\WINDOWS\system32\iexpress.exe

2003-06-04 17:40 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe

2003-06-04 17:40 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll

2003-06-04 17:40 968,192 --a------ C:\WINDOWS\system32\msgina.dll

2003-06-04 17:40 945,693 --a------ C:\WINDOWS\system32\msjava.dll

2003-06-04 17:40 94,282 --a------ C:\WINDOWS\system32\msencode.dll

2003-06-04 17:40 924,432 --a------ C:\WINDOWS\system32\mfc40u.dll

2003-06-04 17:40 924,432 --a------ C:\WINDOWS\system32\mfc40.dll

2003-06-04 17:40 92,160 --a------ C:\WINDOWS\system32\krnl386.exe

2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\loadperf.dll

2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\iuctl.dll

2003-06-04 17:40 91,648 --a------ C:\WINDOWS\system32\ahui.exe

2003-06-04 17:40 9,936 --a------ C:\WINDOWS\system32\lzexpand.dll

2003-06-04 17:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL

2003-06-04 17:40 9,728 --a------ C:\WINDOWS\system32\label.exe

2003-06-04 17:40 9,728 --a------ C:\WINDOWS\system32\gpkrsrc.dll

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\icaapi.dll

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\finger.exe

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\find.exe

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\dumprep.exe

2003-06-04 17:40 9,216 --a------ C:\WINDOWS\system32\diskcomp.com

2003-06-04 17:40 9,029 --a------ C:\WINDOWS\system32\ansi.sys

2003-06-04 17:40 89,600 --a------ C:\WINDOWS\system32\langwrbk.dll

2003-06-04 17:40 89,600 --a------ C:\WINDOWS\system32\cscdll.dll

2003-06-04 17:40 884,736 --a------ C:\WINDOWS\system32\msimsg.dll

2003-06-04 17:40 882 --a------ C:\WINDOWS\system32\fastopen.exe

2003-06-04 17:40 87,040 --a------ C:\WINDOWS\system32\drivers\atapi.sys

2003-06-04 17:40 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll

2003-06-04 17:40 86,528 --a------ C:\WINDOWS\system32\iassam.dll

2003-06-04 17:40 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll

2003-06-04 17:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

2003-06-04 17:40 84,992 --a------ C:\WINDOWS\system32\dskquota.dll

2003-06-04 17:40 83,968 --a------ C:\WINDOWS\system32\ipxmontr.dll

2003-06-04 17:40 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll

2003-06-04 17:40 82,432 --a------ C:\WINDOWS\system32\comrepl.dll

2003-06-04 17:40 817 --a------ C:\WINDOWS\system32\mscdexnt.exe

2003-06-04 17:40 81,408 --a------ C:\WINDOWS\system32\fsusd.dll

2003-06-04 17:40 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll

2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\mciavi32.dll

2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\charmap.exe

2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\cabview.dll

2003-06-04 17:40 80,384 --a------ C:\WINDOWS\system32\autodisc.dll

2003-06-04 17:40 80,128 --a------ C:\WINDOWS\system32\msapsspc.dll

2003-06-04 17:40 8,832 --a------ C:\WINDOWS\system32\framebuf.dll

2003-06-04 17:40 8,704 --a------ C:\WINDOWS\system32\lprhelp.dll

2003-06-04 17:40 8,704 --a------ C:\WINDOWS\system32\eventvwr.exe

2003-06-04 17:40 8,424 --a------ C:\WINDOWS\system32\exe2bin.exe

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mountvol.exe

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mciole16.dll

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\mag_hook.dll

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\lpr.exe

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\control.exe

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\cidaemon.exe

2003-06-04 17:40 8,192 --a------ C:\WINDOWS\system32\autolfn.exe

2003-06-04 17:40 792,064 --a------ C:\WINDOWS\system32\comres.dll

2003-06-04 17:40 79,488 --a------ C:\WINDOWS\system32\drivers\ipnat.sys

2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\mprapi.dll

2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\makecab.exe

2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\fontsub.dll

2003-06-04 17:40 79,360 --a------ C:\WINDOWS\system32\diantz.exe

2003-06-04 17:40 780,928 --a------ C:\WINDOWS\system32\drivers\dmboot.sys

2003-06-04 17:40 78,848 --a------ C:\WINDOWS\system32\msiexec.exe

2003-06-04 17:40 774,144 --a------ C:\WINDOWS\system32\mmc.exe

2003-06-04 17:40 77,850 --a------ C:\WINDOWS\system32\hlink.dll

2003-06-04 17:40 77,824 --a------ C:\WINDOWS\system32\isign32.dll

2003-06-04 17:40 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll

2003-06-04 17:40 76,800 --a------ C:\WINDOWS\system32\gcdef.dll

2003-06-04 17:40 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe

2003-06-04 17:40 76,288 --a------ C:\WINDOWS\system32\avifil32.dll

2003-06-04 17:40 74,810 --a------ C:\WINDOWS\system32\atl.dll

2003-06-04 17:40 74,240 --a------ C:\WINDOWS\system32\dhcpsapi.dll

2003-06-04 17:40 73,728 --a------ C:\WINDOWS\system32\ils.dll

2003-06-04 17:40 73,728 --a------ C:\WINDOWS\system32\csseqchk.dll

2003-06-04 17:40 73,216 --a------ C:\WINDOWS\system32\avwav.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-19 23:23:58 -------- d--h--w C:\Program Files\WindowsUpdate

2007-06-19 23:08:46 193 ----a-w C:\WINDOWS\system32\qviexio3.dat

2007-06-18 22:32:11 82,096 ----a-w C:\DOCUME~1\Owner\APPLIC~1\sysprotectscannerinstall[1].exe

2007-06-18 22:16:23 89,288 ----a-w C:\DOCUME~1\Owner\APPLIC~1\errorsafefreeinstallw[1].exe

2007-06-18 21:55:48 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Error Safe Free

2007-06-18 21:46:04 2,580 ----a-w C:\WINDOWS\system32\xkosmawc.exe

2007-06-18 21:09:25 46,592 ----a-w C:\WINDOWS\gkzhwtl.exe

2007-06-15 16:48:23 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM

2007-06-13 18:12:24 -------- d-----w C:\Program Files\TaxCut Business 2006

2007-06-04 22:26:01 -------- d-----w C:\Program Files\ItsDeductible2005

2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-06-04 16:38:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Motive

2007-06-01 21:39:45 1,467 ----a-w C:\WINDOWS\mozver.dat

2007-05-17 19:13:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Talkback

2007-05-15 20:59:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google

2007-05-14 17:50:51 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Z-Firm LLC

2007-05-11 16:46:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SpamBlockerUtility_Icons

2007-05-10 23:28:07 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SpamBlocker

2007-05-10 23:28:00 -------- d-----w C:\Program Files\Hotbar

2007-04-27 01:53:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\pdf995

2007-04-17 16:56:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Intuit

2007-04-17 16:55:55 -------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0

2007-04-17 16:53:44 -------- d-----w C:\Program Files\TurboTax

2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-04-13 20:29:31 21,822,168 ----a-w C:\AdbeRdr80_en_US.exe

2007-04-11 18:35:42 -------- d--h--r C:\DOCUME~1\Owner\APPLIC~1\yahoo!

2007-04-08 23:29:33 -------- d-----w C:\Program Files\Easy Internet signup

2007-04-08 23:23:33 -------- d-----w C:\Program Files\AWS

2007-04-08 23:17:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-04-08 23:16:41 -------- d-----w C:\Program Files\Symantec

2007-04-08 23:12:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Sammsoft

2007-04-05 21:45:40 -------- d-----w C:\Program Files\RC Consulting, Inc. - Images

2007-04-04 21:22:52 -------- d-----w C:\Program Files\Restored_RC Consulting, Inc._Files

2007-04-04 21:16:49 -------- d-----w C:\Program Files\Intuit

2007-04-04 21:16:26 -------- d-----w C:\Program Files\Common Files\supportsoft

2007-04-04 21:10:32 -------- d-----w C:\Program Files\Common Files\Intuit

2007-04-04 21:05:43 -------- d-----w C:\Program Files\MSXML 4.0

2007-04-03 01:55:52 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\ArcSoft

2007-04-02 19:16:59 34 ----a-w C:\WINDOWS\system32\BD2070N.DAT

2007-04-02 19:09:45 -------- d-----w C:\Program Files\Brownie

2007-04-02 19:09:26 -------- d-----w C:\Program Files\Brother

2007-04-02 19:08:49 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-01 01:49:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Real

2007-03-31 02:38:43 -------- d-----w C:\Program Files\Yahoo!

2007-03-31 02:07:21 -------- d-----w C:\Program Files\BroadJump

2007-03-27 21:43:06 28,276 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-03-27 21:33:25 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-03-22 21:32:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Peachtree

2007-03-22 21:30:13 -------- d-----w C:\Program Files\Sage Software

2007-03-22 21:29:07 -------- d-----w C:\Program Files\Common Files\Peach

2007-03-22 21:28:04 -------- d-----w C:\Program Files\Crystal Decisions

2007-03-22 21:28:04 -------- d-----w C:\Program Files\Common Files\Crystal Decisions

2007-03-22 21:02:09 -------- d-----w C:\Program Files\DeductionPro 2006

2007-03-22 20:57:58 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll

2007-03-22 20:57:58 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll

2007-03-22 20:51:51 -------- d-----w C:\Program Files\Common Files\ATX

2006-09-29 19:35:06 -------- d-----w C:\Program Files\TaxCut Business 2005

2006-09-29 17:34:52 -------- d-----r C:\DOCUME~1\Owner\APPLIC~1\Brother

2006-09-19 06:27:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InterVideo

2006-09-19 05:25:33 -------- d-----w C:\Program Files\Windows NT

2006-09-19 05:25:29 -------- d-----w C:\Program Files\Movie Maker

2006-09-19 05:25:29 -------- d-----w C:\Program Files\Messenger

2006-09-06 01:54:28 1,721,952 ----a-w C:\WINDOWS\system32\InetClnt.dll

2006-07-28 02:33:48 423,016 ----a-w C:\WINDOWS\system32\Gsw32.exe

2006-07-28 02:33:48 242,816 ----a-w C:\WINDOWS\system32\Gswag32.dll

2006-07-28 02:33:48 152,688 ----a-w C:\WINDOWS\system32\gswdll32.dll

2006-07-17 19:20:28 306,832 ----a-w C:\WINDOWS\system32\tx12_xml.dll

2006-07-17 19:19:34 56,976 ----a-w C:\WINDOWS\system32\tx12_wnd.dll

2006-07-17 19:18:44 130,704 ----a-w C:\WINDOWS\system32\tx12_tls.dll

2006-07-17 19:17:34 364,176 ----a-w C:\WINDOWS\system32\tx12_rtf.dll

2006-07-17 19:16:46 519,824 ----a-w C:\WINDOWS\system32\tx12_pdf.dll

2006-07-17 19:15:56 343,696 ----a-w C:\WINDOWS\system32\tx12_obj.dll

2006-07-17 19:14:28 110,224 ----a-w C:\WINDOWS\system32\tx12_ic.dll

2006-07-17 19:13:48 229,008 ----a-w C:\WINDOWS\system32\tx12_htm.dll

2006-07-17 19:13:04 482,960 ----a-w C:\WINDOWS\system32\tx12_doc.dll

2006-07-17 19:12:20 261,776 ----a-w C:\WINDOWS\system32\tx12_css.dll

2006-07-17 19:11:36 667,280 ----a-w C:\WINDOWS\system32\tx12.dll

2006-07-17 19:04:24 741,008 ----a-w C:\WINDOWS\system32\SPR32D30.DLL

2006-07-17 19:02:04 638,608 ----a-w C:\WINDOWS\system32\Gsprop32.dll

2006-07-06 17:03:35 266,240 ------w C:\WINDOWS\SBCDSL.exe

2006-04-12 17:11:44 1,933,312 ----a-w C:\WINDOWS\system32\cdintf251.dll

2005-10-24 18:26:12 146,944 ----a-w C:\WINDOWS\system32\QBPOSProtocol.dll

2005-09-23 14:29:16 626,688 ----a-w C:\WINDOWS\system32\msvcr80.dll

2005-03-18 06:54:03 99,544 ----a-w C:\WINDOWS\system32\GetFlash.exe

2004-12-04 01:48:58 65,536 ----a-w C:\WINDOWS\COMRegTL.exe

2004-10-12 08:24:00 188,416 ----a-w C:\WINDOWS\system32\Pdrvinst.dll

2004-10-04 08:03:00 36,864 ----a-w C:\WINDOWS\system32\BRVPDNTA.DLL

2004-09-24 07:00:00 24,223 ----a-w C:\WINDOWS\system32\brlm03a.dll

2004-09-17 07:00:00 196,608 ----a-w C:\WINDOWS\system32\Brdiag2.exe

2004-08-16 07:00:00 73,728 ----a-w C:\WINDOWS\system32\BRRBTOOL.EXE

2004-07-15 07:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll

2004-07-15 06:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll

2004-07-10 22:28:28 172,032 ----a-w C:\WINDOWS\system32\rsUtil.dll

2003-10-28 21:10:06 72,192 ----a-w C:\WINDOWS\system32\Ssprn32.dll

2003-10-28 21:10:06 61,440 ----a-w C:\WINDOWS\system32\Ssmedt32.dll

2003-10-28 21:10:06 368,912 ----a-w C:\WINDOWS\system32\Vbar332.dll

2003-10-28 21:10:06 102,469 ----a-w C:\WINDOWS\system32\VBPrnDlg.dll

2003-10-28 21:10:04 216,064 ----a-w C:\WINDOWS\system32\Cp5dll32.dll

1989-12-12 17:10:10 451,920 --sh--r C:\WINDOWS\gkzhwtlA.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]

{316E10F6-D31B-F998-1A11-F88DC976D3B5}=C:\WINDOWS\System32\ucweqge.dll [2007-06-20 07:49]

{4B18DD50-C996-44fc-AC52-0FECFF82ED58}=c:\program files\spamblockerutility\sbtv\sbtvhelper.dll []

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\common\yiesrvc.dll [2006-10-31 16:33]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 01:03]

{D7790E31-3B37-4A47-B7D6-3FE9F528BD0D}=C:\Program Files\WindowsUpdate\holemun58441.dll [2007-06-14 04:54]

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 18:07]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 07:27]

"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 17:42]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 08:01]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-09 23:36]

"nwiz"="nwiz.exe" [2003-03-03 11:44 C:\WINDOWS\system32\nwiz.exe]

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26]

"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"uwas7cw"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll,nViewLoadHook" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 22:08]

"Notn"="C:\DOCUME~1\Owner\MYDOCU~1\PPATCH~1\winword.exe" []

"Xsk"="C:\WINDOWS\a?sembly\?ervices.exe" []

"SysProtect Free"="C:\Program Files\SysProtect Free\USYP.exe" []

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= C:\Program Files\Online Services\progyrtajyg.html

FriendlyName=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

C:\Program Files\Softex\OmniPass\opxpgina.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

 

*Newly Created Service* - ALG

*Newly Created Service* - IPNAT

 

Contents of the 'Scheduled Tasks' folder

2006-09-29 17:40:17 C:\WINDOWS\tasks\Symantec NetDetect.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2003-06-29 16:53:14

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2003-06-29 16:56:13 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2003-06-29 16:55

 

--- E O F ---


Hi,

 

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.

Then I'll take a look. :)


Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
