
I need major help please. HJT included

Discussion in 'Malware and Virus Removal Archive' started by dirtydog43, 2006/12/08.

  1. 2006/12/10
    TeMerc

    I had another HJT analyst look at this thread and they pointed out yet another infection, Alcan. So we'll need to work that fix next.


    1. Please download, install, and update Ewido anti-spyware
    1. Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
    2. After the update finishes (the status bar at the bottom will display "Update successful")
    3. Close Ewido. Do not run it yet.

    2. Please download Brute Force Uninstaller to your desktop.
    • Right-click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to, click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", uncheck the "Show Extracted Files" box and then click "Finish".
    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with these yet!

    4. Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

    5. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    6. Ewido Scan
    • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
    • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    • Restart back into Normal Mode.

    Please perform another scan with Hijack This, and then post the contents of the Ewido text report that you saved and a new HijackThis log.
     
  2. 2006/12/12
    dirtydog43

    Logfile of HijackThis v1.99.1
    Scan saved at 6:37:21 AM, on 12/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\My Antispyware\HijackThis-1.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128033660437
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h20179.www2.hp.com/psgna/caller/SysQuery.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
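    As an added illustration (not code from this thread or from the HijackThis author), here is a small Python parser for the HijackThis log format posted above. It turns the O-lines into records and pulls out what an analyst reads first: entries whose target is marked "(file missing)", O23 services with an unknown owner, and the hosts behind the O16 ActiveX downloads. The sample log is a constructed excerpt of ten lines copied from the log above.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a header line plus ten O-lines copied from the HijackThis v1.99.1 log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

MISSING = "(file missing)"
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Every HJT entry line starts with its section code: "O4 - ..."
ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")
# O4 registry Run keys: "<hive>\..\Run: [<name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.*)$")
# O4 startup-folder items: "Global Startup: <name>.lnk = <path>"
STARTUP_RE = re.compile(r"^(?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<path>.*)$")
# O16 ActiveX downloads: "DPF: {CLSID} (<name>) - <url>"
DPF_RE = re.compile(r"^DPF: (?P<clsid>" + CLSID + r") \((?P<name>[^)]*)\) - (?P<path>\S+)$")
# O23 services: "Service: <name> - <owner> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# O2 / O3 / O9 COM objects: "<kind>: <name> - {CLSID} - <path>"
COM_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")


def parse_line(line):
    """Turn one HijackThis O-line into a dict; header and process-list lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    for pattern in (RUN_RE, STARTUP_RE, DPF_RE, SVC_RE, COM_RE):
        hit = pattern.match(body)
        if hit:
            entry = hit.groupdict()
            break
    else:
        entry = {"name": "", "path": body}  # unknown layout: keep the raw body as the path
    entry["section"] = section
    # HJT appends "(file missing)" when the referenced file is not on disk.
    entry["missing"] = entry["path"].endswith(MISSING)
    if entry["missing"]:
        entry["path"] = entry["path"][: -len(MISSING)].rstrip()
    return entry


def parse_hjt_log(text):
    """Return one record per O-line, in log order."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(entries):
    """Summarise the things an analyst checks first in an HJT log."""
    return {
        "counts": dict(Counter(e["section"] for e in entries)),
        "file_missing": [(e["section"], e["name"]) for e in entries if e["missing"]],
        "unknown_owner_services": [
            e["name"] for e in entries
            if e["section"] == "O23" and e.get("owner") == "Unknown owner"
        ],
        "dpf_hosts": sorted({urlparse(e["path"]).hostname for e in entries if e["section"] == "O16"}),
    }


def triage_sample():
    """Parse and triage the constructed sample log."""
    return triage(parse_hjt_log(SAMPLE_LOG))


if __name__ == "__main__":
    found = parse_hjt_log(SAMPLE_LOG)
    summary = triage(found)
    print(f"{len(found)} entries parsed; per section: {summary['counts']}")
    for section, name in summary["file_missing"]:
        print(f"  {section} points at a missing file: {name}")
    for name in summary["unknown_owner_services"]:
        print(f"  O23 service with unknown owner: {name}")
    print("  O16 download hosts:", ", ".join(summary["dpf_hosts"]))
```

    A "(file missing)" entry is usually a leftover from an uninstalled product rather than an active threat, but it still tells you the registration is dangling and can be cleaned.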
     


  4. 2006/12/12
    dirtydog43

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:30:32 AM 12/12/2006

    + Scan result:



    C:\!KillBox\win10140.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win10140.dll( 13) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win10698.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win10698.dll( 28) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win10957.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win10957.dll( 9) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win15359.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win15359.dll( 18) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win1654.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win1654.dll( 26) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win17564.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win17564.dll( 11) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win18110.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win18110.dll( 34) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win18548.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win18548.dll( 2) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win19106.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win19106.dll( 20) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win22370.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win22370.dll( 22) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win22491.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win22491.dll( 4) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win27776.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win27776.dll( 27) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win309.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win309.dll( 6) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win31247.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win31247.dll( 14) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win31461.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win31461.dll( 29) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win33810.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win33810.dll( 32) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win35494.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win35494.dll( 16) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win36546.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win36546.dll( 12) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win40260.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win40260.dll( 21) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win42086.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win42086.dll( 23) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win43005.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win43005.dll( 25) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win43035.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win43035.dll( 5) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win46240.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win46240.dll( 3) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win48372.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win48372.dll( 31) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win52749.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win52749.dll( 7) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win53699.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win53699.dll( 8) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win54931.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win54931.dll( 15) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win56663.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win56663.dll( 17) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win58114.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win58114.dll( 19) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win58525.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win58525.dll( 10) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win59645.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win59645.dll( 30) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win62458.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\!KillBox\win62458.dll( 24) -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win10661.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win15806.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win18438.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win28720.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win41497.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\win60244.dll -> Proxy.Agent.ll : Cleaned with backup (quarantined).



    ::Report end


    Edited out cookies and system volume info
     
  5. 2006/12/12
    TeMerc

    OK, let's get another ComboFix log please; the HJT log looks clear, but I want to double-check.
     
  6. 2006/12/13
    dirtydog43

    Gary - 06-12-12 18:25:24.70 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\My Antispyware"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\CURITY~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\ICROSO~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\arpa.exe
    C:\QooBox\Purity\Documents and Settings\Gary\My Documents\WNSXS~1\W?nSxS
    C:\QooBox\Purity\Program Files\Common Files\FNTS~1
    C:\QooBox\Purity\WINDOWS\MCROSO~1
    C:\QooBox\Purity\WINDOWS\YMANTE~1
    C:\QooBox\Purity\WINDOWS\system32\CURITY~1
    C:\QooBox\Purity\WINDOWS\system32\FNTS~1
    C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
    C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
    C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
    C:\QooBox\Purity\WINDOWS\system32\SKS~1
    C:\QooBox\Purity\WINDOWS\system32\STEM32~1
    C:\QooBox\Purity\WINDOWS\system32\STEM~1
    C:\QooBox\Purity\WINDOWS\system32\WNSXS~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-12 to 2006-12-12 ))))))))))))))))))))))))))))))))))


    2006-12-12 17:28 466,944 --a------ C:\WINDOWS\system32\win18704.dll
    2006-12-12 17:26 23,552 --a------ C:\WINDOWS\system32\wmimgr32.dll
    2006-12-12 06:35 466,944 --a------ C:\WINDOWS\system32\win23704.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-12 18:23 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-10 12:38 -------- d-------- C:\Program Files\Windows Media Player
    2006-12-10 12:38 -------- d-------- C:\Program Files\Windows Media Connect 2
    2006-12-09 21:44 -------- d-------- C:\Program Files\LimeWire
    2006-12-09 19:18 -------- d-------- C:\Program Files\Kazaa
    2006-12-09 19:16 -------- d-------- C:\Program Files\SpywareBlaster
    2006-12-09 19:13 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-09 18:14 -------- d-------- C:\Program Files\dvd43
    2006-12-09 16:06 -------- d-------- C:\Program Files\Kazaa Lite Revolution
    2006-12-01 18:01 -------- d-------- C:\Program Files\Motorola Phone Tools
    2006-11-28 00:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-19 03:01 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-18 12:27 -------- d-------- C:\Documents and Settings\Gary\Application Data\Alibre Design
    2006-11-18 12:25 -------- d-------- C:\Program Files\Alibre Design
    2006-11-17 18:20 -------- d-------- C:\Program Files\BearShare Applications
    2006-11-17 18:16 -------- d-------- C:\Program Files\iTunes
    2006-11-17 18:16 -------- d-------- C:\Program Files\iPod
    2006-11-17 18:14 -------- d-------- C:\Program Files\QuickTime
    2006-11-17 18:12 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-12 20:32 -------- d-------- C:\Program Files\Java
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-21 15:15 -------- d-------- C:\Program Files\Viewpoint
    2006-10-21 15:06 -------- d-------- C:\Program Files\HaxFix
    2006-10-21 07:45 -------- d-------- C:\Program Files\Common Files
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
    2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
    2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-15 14:04 -------- d-------- C:\Program Files\Grisoft
    2006-10-14 09:21 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
    2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
    2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
    2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
    2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-22 18:57 7483 --a------ C:\clean.bat
    2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RecordNow!"=""
    "NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
    "BGNewsAgent"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\BgNewsUI.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
    "eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
    "MULTIMEDIA KEYBOARD"="C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-12 18:26:31.15
    C:\ComboFix.txt ... 06-12-12 18:26
    C:\ComboFix2.txt ... 06-12-10 11:22
    C:\ComboFix3.txt ... 06-12-09 19:20
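As an added example (not code from the thread or from any of the tools it mentions), a small Python parser for the registry-dump section of a ComboFix log like the one above: it reads the `[key]` and `"name"="data"` lines, collects the entries under the autostart locations the log enumerates (Run, RunOnce, ShellExecuteHooks, SharedTaskScheduler, ShellServiceObjectDelayLoad) and lists any whose data is empty, which is exactly where a reviewer has to look the CLSID up by hand. The sample input is constructed from a few entries of the log, written without the stray spaces the forum added around quotes.

```python
import re

# Constructed sample in ComboFix's registry-dump format (a few entries from the log above).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"(.*?)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

# Key suffixes Windows consults at boot/logon; all appear in the log above.
AUTOSTART_SUFFIXES = (r'\currentversion\run', r'\currentversion\runonce',
                      r'\explorer\shellexecutehooks', r'\explorer\sharedtaskscheduler',
                      r'\shellserviceobjectdelayload')


def parse_dump(text):
    """Return {key_path: [(name, data), ...]}. dword data becomes an int;
    string data has the \\ and \" escapes of the .reg-style dump undone."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, s, d = m.groups()
            data = int(d, 16) if d is not None else re.sub(r'\\(.)', r'\1', s)
            keys[current].append((name, data))
    return keys


def autostart_entries(keys):
    """(key, name, data) for every value under an autostart key."""
    return [(p, n, v) for p, es in keys.items()
            if p.lower().endswith(AUTOSTART_SUFFIXES) for n, v in es]


def unlabelled_entries(keys):
    """Autostart values ComboFix could not name: check these CLSIDs/files by hand."""
    return [(p, n) for p, n, v in autostart_entries(keys) if v == '']
```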
     
  7. 2006/12/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\win18704.dll
    C:\WINDOWS\system32\wmimgr32.dll
    C:\WINDOWS\system32\win23704.dll

    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Reboot then run the following tool:

    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
    Silent Runners will ask if you want to skip the supplementary search.
    Please select 'No' to include them.
    Then select 'Yes' to confirm the search.
    When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.

    Also run ComboFix again and post its log too.
     
