Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
PC so slow. I'm just now able to get access to pull down 'topic info' from your posts. I was unable to copy the hjt's so I had to manually copy them to a word doc and then post to id.
Here is the combofix and HJT you requested:
05-02-21 15:46 12 --a------ C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\toolbar.cfg.vir 05-02-21 15:46 1406 --a------ C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\logo.ico.vir 05-06-09 13:01 1405 --a------ C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\readme.txt.vir 06-02-22 16:46 8197 --a------ C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\license.txt.vir 06-06-09 10:06 16929 --a------ C:\Qoobox\Quarantine\C\Program Files\Cowabanga\License.txt.vir 06-07-19 10:35 307200 --a------ C:\Qoobox\Quarantine\C\Program Files\System Files\System.exe.vir 06-07-20 16:31 1163264 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wfxqhv.exe.vir 06-07-21 22:17 1 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vx.tll.vir 06-07-21 22:17 100 --a------ C:\Qoobox\Quarantine\C\Program Files\BraveSentry\BraveSentry.lic.vir 06-07-21 22:17 1513009 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Install.dat.vir 06-07-21 22:18 16 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dlh9jkdq8.exe.vir 06-07-21 22:18 4 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winsub.xml.vir 06-07-21 22:18 61 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\svcp.csv.vir 06-07-23 09:15 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\1.txt.vir 06-07-23 09:15 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\2.txt.vir 06-08-08 09:56 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\keyboard1.dat.vir 06-08-08 09:56 221184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xeymi.dll.vir 06-08-08 09:56 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\n9nyb.exe.vir 06-08-08 09:56 865275 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pixk5gp2.phy.vir 06-08-08 09:58 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\newname.dat.vir 06-08-08 09:58 10551 --a------ C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\INSTALL.LOG.vir 06-08-08 09:58 22486 --a------ C:\Qoobox\Quarantine\C\Program Files\System Icons\439.ico.vir 06-08-08 09:58 22486 --a------ C:\Qoobox\Quarantine\C\Program Files\System Icons\440.ico.vir 06-08-08 09:58 22486 --a------ C:\Qoobox\Quarantine\C\Program Files\System Icons\441.ico.vir 06-08-08 10:01 14 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt.vir 06-08-08 10:01 248 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt.vir 06-08-08 18:57 211 --a------ C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\whAgent.ini.vir 06-08-12 15:34 28672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32bez6n4r21.exe.vir 06-08-12 15:34 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32n9nyb.exe.vir 06-08-12 15:34 45056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32ghynf.exe.vir 06-08-12 15:35 28672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iqqr.exe.vir 06-08-12 16:52 28672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bez6n4r21.exe.vir 06-08-12 22:45 1841 --a------ C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0.vir 06-08-12 23:55 14 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt.vir 06-08-12 23:55 77102 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt.vir 06-08-14 17:13 295910 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll.tmp.vir 06-11-28 22:36 732801 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskknwrd.dll.vir 06-11-29 22:53 113 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskdmns.dll.vir 06-11-29 23:01 28 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskcwrd.dll.vir 07-04-30 20:44 2830 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Network Monitor.reg.cf 07-04-30 20:44 870 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf 99-12-23 14:12 11264 --a------ C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\sporder.dll.vir Folder PATH listing Volume serial number is 84ED-2974 C:\QOOBOX \---Quarantine +---C | +---DOCUME~1 | | +---LOCALS~1 | | | \---APPLIC~1 | | | \---NetMon | | | domains.txt.vir | | | log.txt.vir | | | | | +---NETWOR~1 | | | \---APPLIC~1 | | | \---NetMon | | | domains.txt.vir | | | log.txt.vir | | | | | \---RALPHH~1 | | \---APPLIC~1 | | Install.dat.vir | | Sskcwrd.dll.vir | | Sskdmns.dll.vir | | Sskknwrd.dll.vir | | | +---Program Files | | +---BraveSentry | | | BraveSentry.lic.vir | | | | | +---Cowabanga | | | License.txt.vir | | | | | +---System Files | | | System.exe.vir | | | | | +---System Icons | | | 439.ico.vir | | | 440.ico.vir | | | 441.ico.vir | | | | | +---TheSearchAccelerator | | | INSTALL.LOG.vir | | | logo.ico.vir | | | TBlogin.users.ucmore.com.4.5.40.0.vir | | | toolbar.cfg.vir | | | | | \---webHancer | | \---Programs | | license.txt.vir | | readme.txt.vir | | sporder.dll.vir | | whAgent.ini.vir | | | \---WINDOWS | | keyboard1.dat.vir | | newname.dat.vir | | system32bez6n4r21.exe.vir | | system32ghynf.exe.vir | | system32n9nyb.exe.vir | | | \---system32 | 1.txt.vir | 2.txt.vir | atmtd.dll.tmp.vir | bez6n4r21.exe.vir | dlh9jkdq8.exe.vir | iqqr.exe.vir | n9nyb.exe.vir | pixk5gp2.phy.vir | svcp.csv.vir | vx.tll.vir | wfxqhv.exe.vir | winsub.xml.vir | xeymi.dll.vir | \---Registry_backups LEGACY_NETWORK_MONITOR.reg.cf services_Network Monitor.reg.cf
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 9:03:13 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ralph Hudnall\Desktop\HJT\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {850C7964-9320-4055-BE11-7D7B562A6417} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SensLogon - C:\WINDOWS\SYSTEM32\helper.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
