Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


HijackThis Log File - Still can't kill off these popups.


Post by KlavoHunter » September 17th, 2007, 3:02 pm

Step 1.) Done


Step 2.) Contents of PandaScan...

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Hacktool:Exploit/ByteVerify                                                     Not disinfected               C:\Documents and Settings\Doug\.jpi_cache\jar\1.0\ie0502b.jar-35b62376-7b5ef451.zip[NewSecurityClassLoader.class]                                                                                                                                               
Hacktool:Exploit/ByteVerify                                                     Not disinfected               C:\Documents and Settings\Doug\.jpi_cache\jar\1.0\ie0502b.jar-35b62376-7b5ef451.zip[NewURLClassLoader.class]                                                                                                                                                    
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[ad.yieldmanager.com/]                                                                                                                                     
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.advertising.com/]                                                                                                                                        
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.doubleclick.net/]                                                                                                                                        
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.atdmt.com/]                                                                                                                                              
Spyware:Cookie/FastClick                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.fastclick.net/]                                                                                                                                          
Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.tribalfusion.com/]                                                                                                                                       
Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.adrevolver.com/]                                                                                                                                         
Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.mediaplex.com/]                                                                                                                                          
Spyware:Cookie/Traffic Marketplace                                              Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.trafficmp.com/]                                                                                                                                          
Spyware:Cookie/Zedo                                                             Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.zedo.com/]                                                                                                                                               
Spyware:Cookie/QuestionMarket                                                   Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.questionmarket.com/]                                                                                                                                     
Spyware:Cookie/adultfriendfinder                                                Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.adultfriendfinder.com/]                                                                                                                                  
Spyware:Cookie/bravenetA                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.bravenet.com/]                                                                                                                                           
Spyware:Cookie/did-it                                                           Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.did-it.com/]                                                                                                                                             
Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.statcounter.com/]                                                                                                                                        
Spyware:Cookie/PointRoll                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.ads.pointroll.com/]                                                                                                                                      
Spyware:Cookie/Casalemedia                                                      Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.casalemedia.com/]                                                                                                                                        
Spyware:Cookie/BurstBeacon                                                      Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[www.burstbeacon.com/]                                                                                                                                     
Spyware:Cookie/Screensavers                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.i.screensavers.com/]                                                                                                                                     
Spyware:Cookie/Atwola                                                           Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.atwola.com/]                                                                                                                                             
Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.realmedia.com/]                                                                                                                                          
Spyware:Cookie/Systemdoctor                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.systemdoctor.com/]                                                                                                                                       
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.winantivirus.com/]                                                                                                                                       
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[winantivirus.com/]                                                                                                                                        
Spyware:Cookie/Toplist                                                          Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.toplist.cz/]                                                                                                                                             
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.winantispyware.com/]                                                                                                                                     
Spyware:Cookie/ErrorSafe                                                        Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.errorsafe.com/]                                                                                                                                          
Spyware:Cookie/NewMedia                                                         Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.anm.co.uk/]                                                                                                                                              
Spyware:Cookie/Apmebf                                                           Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[.apmebf.com/]                                                                                                                                             
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\i4brv8h0.default\cookies.txt[www.winantiviruspro.com/]                                                                                                                                 
Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\Doug\Cookies\doug@mediaplex[2].txt                                                                                                                                                                                                    
Spyware:Cookie/Reliablestats                                                    Not disinfected               C:\Documents and Settings\Doug\Cookies\doug@stats1.reliablestats[2].txt                                                                                                                                                                                         
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Cookies\doug@winantispyware[1].txt                                                                                                                                                                                               
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\Doug\Cookies\doug@winantivirus[1].txt                                                                                                                                                                                                 
Virus:Generic Malware                                                           Disinfected                   C:\Documents and Settings\Doug\Desktop\ComboFix.exe                                                                                                                                                                                                             
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\bnbosquj.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\ceoerlcx.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\coccwljo.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\diuuggkt.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\eenyupcs.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\epqodydf.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\fqyyskur.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\hrspyjxk.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\jawnmhvr.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\jjlhwhwn.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\lbgctryq.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\lcfngqrt.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\lgsdvkks.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\mdajdxmv.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\nhsinhbs.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\nkuululk.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\ojspeoun.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\oqcimgag.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\qyrkqhfw.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\rvggmtpf.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\tshuujok.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\txsklvrg.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\uxtqvjhh.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\vtqokdum.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\whrifnpp.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\xbvdwvoq.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\xulacirr.exe.vir                                                                                                                                                                                                          
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\qoobox\Quarantine\C\WINNT\system32\ylrrtmxt.exe.vir                                                                                                                                                                                                          
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\WINNT\NirCmd.exe                                                                                                                                                                                                                                             
Adware:Adware/Zenosearch                                                        Not disinfected               C:\WINNT\system32\dwdsrngt.exe                                                                                                                                                                                                                                  
Adware:Adware/Zenosearch                                                        Not disinfected               C:\WINNT\system32\lodsrngj.exe                                                                                                                                                                                                                                  
Virus:Trj/Downloader.OZB                                                        Disinfected                   C:\_OTMoveIt\MovedFiles\WINNT\system32\fiywiybb.exe                                                                                                                                                                                                             





New HijackThis! log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:02:20 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Doug\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-1343024091-725345543-1001\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Doug')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-484763869-1343024091-725345543-1001 Startup: TA_Start.lnk = C:\WINNT\system32\lodsrngj.exe (User 'Doug')
O4 - S-1-5-21-484763869-1343024091-725345543-1001 Startup: Think-Adz.lnk = C:\WINNT\system32\pwinpmdt.exe (User 'Doug')
O4 - S-1-5-21-484763869-1343024091-725345543-1001 User Startup: TA_Start.lnk = C:\WINNT\system32\lodsrngj.exe (User 'Doug')
O4 - S-1-5-21-484763869-1343024091-725345543-1001 User Startup: Think-Adz.lnk = C:\WINNT\system32\pwinpmdt.exe (User 'Doug')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159110994328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

--
End of file - 8066 bytes
KlavoHunter
Active Member
 
Posts: 10
Joined: August 29th, 2007, 9:23 pm

Unread postby SNOWHITE » September 19th, 2007, 2:16 pm

Hello KlavoHunter,

Step #1

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please empty these folders (if present):

C:\Documents and Settings\Doug\.jpi_cache\jar <- empty this folder
C:\qoobox\Quarantine <- empty this folder

Close Windows Explorer.

Right click on Recycle Bin, choose Empty Recycle Bin.

Step #2

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.


Post back with SDFix report and new HijackThis log.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby askey127 » September 29th, 2007, 12:23 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
