Winantivirus Pro And Other Bogus Antivirus Software

Please can you help. I am continually getting new IE windows popping up with all sorts of things including WinAntivirus Pro. The pc also appears to be running slow. When I try to do an Adaware scan it picks up a critical object and the windows bottom bar goes white then goes to a blue screen with fatal system error. I am able to reboot but have to go through the login a couple of times before all is fairly normal.

Please do not attach your logs, but copy and paste them in the thread instead...


* Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.


When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.

Post the contents of this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Hi, I've done that. Only thing was that a dialogue box came up on reboot as follows: "nircmd.cfexe unable to locate component. The application failed to start because connapi.dll was not found. Re-installing the application may fix the problem".


Hope I've done it right this time. Thanks for your help.




ComboFix 07-08-26.3 - "Paul" 2007-08-26 14:49:06.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT 1:00]

* Created a new restore point



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\Cache0880D1.bin

C:\Program Files\MyWebSearch\bar\Cache0883A0.bin

C:\Program Files\MyWebSearch\bar\Cache0884E8.bin

C:\Program Files\MyWebSearch\bar\Cache088601.bin

C:\Program Files\MyWebSearch\bar\Cache08873A.bin

C:\Program Files\MyWebSearch\bar\Cache3E3EC3C.bin

C:\Program Files\MyWebSearch\bar\Cache3E3EFA7.bin

C:\Program Files\MyWebSearch\bar\Cache3E3F12E.bin

C:\Program Files\MyWebSearch\bar\Cache\1121FF00.bin

C:\Program Files\MyWebSearch\bar\Cache\112200E5.bin

C:\Program Files\MyWebSearch\bar\Cache\1125C02F.bin

C:\Program Files\MyWebSearch\bar\Cache\1125C242.bin

C:\Program Files\MyWebSearch\bar\Cache\11290E21.bin

C:\Program Files\MyWebSearch\bar\Cache\11419406.bin

C:\Program Files\MyWebSearch\bar\Cache\17819F98.bin

C:\Program Files\MyWebSearch\bar\Cache\1DCD52EF.bin

C:\Program Files\MyWebSearch\bar\Cache\2890649A

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search

C:\Program Files\MyWebSearch\bar\MSNBackgrounds\1B4F1D67.jpeg

C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak

C:\Program Files\MyWebSearch\bar\Settings\settings.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL



((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))



2007-08-26 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-16 07:23 189,952 --a------ C:\DOCUME~1\Paul\jip.exe



(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-26 15:04 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-08-22 10:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe

2005-10-21 16:03 774144 --a------ C:\Program Files\RngInterstitial.dll



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown



"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]

"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 22:01]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:12]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 21:02]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]

"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 00:18]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]



"Sonic RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 16:36]



"Windows Recylinder Check"=uajnogrwyd.exe



"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog



DESKTOP.INI [2002-09-03 10:00:00]



DESKTOP.INI [2002-09-03 10:00:00]



DESKTOP.INI [2002-09-03 10:00:00]



DESKTOP.INI [2002-09-03 10:00:00]


R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys

R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys

S3 gUSBSTOi;gUSBSTOi;\??\C:\DOCUME~1\Paul\LOCALS~1\Temp\gUSBSTOi.sys



Contents of the 'Scheduled Tasks' folder

2007-08-24 19:58:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe

2007-08-25 23:00:01 C:\WINDOWS\Tasks\Symantec Drmc.job




catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2007-08-26 15:02:40

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully

hidden files: 0




Completion time: 2007-08-26 15:07:49 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-26 15:07


--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:26:17, on 26/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal


Running processes:







C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe


C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe






C:\Program Files\Dell\Media Experience\PCMService.exe


C:\Program Files\Real\RealPlayer\RealPlay.exe


C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe


C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AOL 8.0\aoltray.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe


O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\RunServices: [Windows Recylinder Check] uajnogrwyd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) -

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer =

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



End of file - 12538 bytes

Don't worry about the error at startup - this is a part of Combofix and some Antivirus interfere with it.


Navigate to and delete the following folder and file:


C:\Qoobox <== folder

C:\DOCUMENTS AND SETTINGS\Paul\jip.exe <== file


I see you have Ewido installed while you also have AVG Antispyware. AVG Antispyware is the updated version of Ewido, so there's really no need to have Ewido still installed, so I suggest you uninstall Ewido.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\RunServices: [Windows Recylinder Check] uajnogrwyd.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -


* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Let me know in your next reply how things are now...
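
Added example, not part of the original thread and not code from HijackThis or ComboFix: a Python triage over HijackThis lines copied from the log above, which flags three of the five entries selected for fixing in the preceding post. The three rules (a BHO with no file, an autostart command without an absolute path, an autostart pointing into a folder listed under ComboFix's "Other Deletions") and all function names are assumptions made for this illustration; the O16 selections are not covered.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [Windows Recylinder Check] uajnogrwyd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
"""

# Folder listed under "Other Deletions" in the ComboFix log above.
REMOVED_DIRS = [r"C:\Program Files\MyWebSearch"]

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart: "HKLM\..\Run: [value name] command line"
REG_RUN_RE = re.compile(r"^HK\S*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcut: "Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Command begins with a drive letter, optionally inside quotes.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def under_removed_dir(cmd):
    """True if the command's path lies inside a folder ComboFix deleted."""
    path = cmd.strip('"').lower()
    return any(path.startswith(d.lower() + "\\") for d in REMOVED_DIRS)


def triage(log_text):
    """Apply the three illustrative rules; return (code, body, reason) tuples."""
    findings = []
    for code, body in parse(log_text):
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, body, "BHO registered but its DLL is missing"))
        elif code == "O4":
            m = REG_RUN_RE.match(body) or STARTUP_RE.match(body)
            if not m:
                continue
            cmd = m.group("cmd")
            if not ABS_PATH_RE.match(cmd):
                findings.append((code, body, "autostart command has no absolute path"))
            elif under_removed_dir(cmd):
                findings.append((code, body, "autostart points into a folder ComboFix deleted"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```
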

Well I've done all that and all seems to be running ok. No IEs have been opening as yet. The only thing was with the Java. I was unsure on where to install it from and in the end I ended up installing JRE 6 Update 2 before I deleted the other version I had. Will this be a problem? Thank you so much for your help.



I ended up installing JRE 6 Update 2 before I deleted the other version I had. Will this be a problem
No, that won't be a problem, so don't worry about that :angry:


Glad I could help. :)


Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.


Happy Surfing again!

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.


Everyone else please begin a New Topic.

