
Active Mirar removal

Discussion in 'Malware and Virus Removal Archive' started by psaulm119, 2008/12/14.

  1. 2008/12/22
    noahdfear
    If you do not still have ComboFix.exe, download a fresh copy from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
  2. 2008/12/30
    psaulm119 Lifetime Subscription
    OK here is the new combofix log:

    ComboFix 08-12-29.02 - bjrittman 2008-12-30 11:53:08.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.490 [GMT -8:00]
    Running from: c:\documents and settings\bjrittman\Desktop\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\nehqoq.dll
    c:\windows\wiaserviv.log

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
    .

    2008-12-30 11:42 . 2008-12-30 11:42 <DIR> d-------- c:\program files\Foxit Software
    2008-12-30 11:42 . 2008-12-30 11:42 <DIR> d-------- c:\documents and settings\bjrittman\Application Data\Foxit
    2008-12-30 11:31 . 2008-12-30 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SSScanWizard
    2008-12-30 11:31 . 2008-12-30 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
    2008-12-20 21:45 . 2008-12-20 21:45 <DIR> d-------- c:\program files\Windows Media Connect 2
    2008-12-20 21:43 . 2008-12-20 21:43 <DIR> d-------- c:\windows\system32\LogFiles
    2008-12-20 21:43 . 2008-12-20 21:44 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2008-12-20 12:26 . 2008-12-20 12:26 <DIR> d-------- c:\program files\MozBackup
    2008-12-12 11:56 . 2008-12-12 11:56 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 11:56 . 2008-12-12 11:56 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-12 11:55 . 2008-12-12 11:55 <DIR> d-------- c:\program files\Java
    2008-12-12 11:52 . 2008-12-12 11:52 <DIR> d-------- c:\program files\Trend Micro
    2008-12-12 11:16 . 2008-12-12 11:16 <DIR> d-------- c:\program files\Avira
    2008-12-12 11:16 . 2008-12-12 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-02 10:46 . 2008-12-05 12:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-02 10:46 . 2008-12-02 10:46 <DIR> d-------- c:\documents and settings\bjrittman\Application Data\Malwarebytes
    2008-12-02 10:46 . 2008-12-02 10:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-02 10:46 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-02 10:46 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-02 10:06 . 2008-12-02 10:14 <DIR> d-------- C:\Temp
    2008-12-01 17:30 . 2008-12-08 07:06 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2008-11-29 21:57 . 2008-11-29 21:57 <DIR> d-------- c:\documents and settings\bjrittman\Application Data\FastStone
    2008-11-29 21:56 . 2008-11-29 21:56 <DIR> d-------- c:\program files\FastStone Image Viewer
    2008-11-12 06:33 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 06:33 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-30 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
    2008-12-30 19:31 --------- d-----w c:\program files\ScanSoft
    2008-12-30 19:31 --------- d-----w c:\program files\Common Files\ScanSoft Shared
    2008-12-12 19:43 --------- d-----w c:\program files\RGB
    2008-12-12 19:38 --------- d-----w c:\program files\GemMaster
    2008-10-31 05:54 --------- d-----r c:\documents and settings\bjrittman\Application Data\Brother
    2006-04-22 00:43 2,895,168 ----a-w c:\program files\FoxitReader.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-15_ 8.22.48.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-13 06:16:11 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
    + 2008-12-21 05:53:46 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
    - 2008-07-13 06:16:11 864,256 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
    + 2008-12-21 05:53:46 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
    - 2008-07-13 06:16:11 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
    + 2008-12-21 05:53:46 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
    - 2005-08-05 21:01:54 239,104 ------w c:\windows\Driver Cache\i386\psisdecd.dll
    + 2006-10-10 00:12:14 235,008 ------w c:\windows\Driver Cache\i386\psisdecd.dll
    - 2005-10-11 15:39:38 1,863,680 ----a-w c:\windows\ehome\ehcm.dll
    + 2006-10-10 00:16:00 1,863,680 ----a-w c:\windows\ehome\ehcm.dll
    - 2005-10-11 15:32:46 864,256 ----a-w c:\windows\ehome\ehepg.dll
    + 2006-10-10 00:07:44 868,352 ----a-w c:\windows\ehome\ehepg.dll
    - 2005-10-11 15:40:36 332,288 ----a-w c:\windows\ehome\ehglid.dll
    + 2006-10-10 00:17:04 328,704 ----a-w c:\windows\ehome\ehglid.dll
    - 2004-08-10 11:11:48 178,688 ----a-w c:\windows\ehome\ehkeyctl.dll
    + 2006-10-10 00:18:32 178,176 ----a-w c:\windows\ehome\ehkeyctl.dll
    - 2005-10-11 15:43:18 3,219,456 ----a-w c:\windows\ehome\ehshell.exe
    + 2006-10-10 00:19:14 3,223,552 ----a-w c:\windows\ehome\ehshell.exe
    - 2005-08-05 21:01:58 492,032 ----a-w c:\windows\ehome\ehui.dll
    + 2006-10-10 00:16:30 558,592 ----a-w c:\windows\ehome\ehui.dll
    - 2005-08-05 20:06:02 105,984 ------w c:\windows\ehome\mstvcapn.dll
    + 2006-10-10 00:12:52 107,008 ------w c:\windows\ehome\mstvcapn.dll
    + 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    - 2004-08-10 11:00:00 192,512 ----a-w c:\windows\inf\unregmp2.exe
    + 2007-06-27 06:10:26 317,440 ----a-w c:\windows\inf\unregmp2.exe
    + 2008-12-30 19:31:34 53,248 ----a-r c:\windows\Installer\{1F574BD4-0F5E-47FB-9B25-E9C529710096}\_5C75F38320E5_4E26_9A66_ABA5A3D2E963.exe
    + 2008-12-30 19:31:34 3,822 ----a-r c:\windows\Installer\{1F574BD4-0F5E-47FB-9B25-E9C529710096}\Op.exe
    - 2004-08-10 11:00:00 8,192 ----a-w c:\windows\system32\asferror.dll
    + 2006-10-19 05:47:08 7,168 ----a-w c:\windows\system32\asferror.dll
    - 2004-08-10 11:00:00 480,768 ----a-w c:\windows\system32\audiodev.dll
    + 2006-10-19 05:47:08 276,992 ----a-w c:\windows\system32\audiodev.dll
    - 2006-03-03 12:26:29 429,056 ----a-w c:\windows\system32\blackbox.dll
    + 2006-10-19 05:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
    - 2005-08-04 01:29:52 207,872 ----a-w c:\windows\system32\cewmdm.dll
    + 2006-10-19 05:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
    - 2004-08-10 11:00:00 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
    + 2006-10-19 05:47:08 7,168 -c--a-w c:\windows\system32\dllcache\asferror.dll
    - 2006-03-03 12:26:29 429,056 -c--a-w c:\windows\system32\dllcache\blackbox.dll
    + 2006-10-19 05:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
    - 2005-08-04 01:29:52 207,872 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
    + 2006-10-19 05:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
    - 2006-03-03 12:26:57 581,632 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
    + 2006-10-19 05:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
    - 2005-10-11 15:39:38 1,863,680 -c--a-w c:\windows\system32\dllcache\ehcm.dll
    + 2006-10-10 00:16:00 1,863,680 -c--a-w c:\windows\system32\dllcache\ehcm.dll
    - 2005-10-11 15:32:46 864,256 -c--a-w c:\windows\system32\dllcache\ehepg.dll
    + 2006-10-10 00:07:44 868,352 -c--a-w c:\windows\system32\dllcache\ehepg.dll
    - 2004-08-10 11:11:48 269,312 -c--a-w c:\windows\system32\dllcache\ehglid.dll
    + 2006-10-10 00:17:04 328,704 -c--a-w c:\windows\system32\dllcache\ehglid.dll
    - 2005-10-11 15:43:18 3,219,456 -c--a-w c:\windows\system32\dllcache\ehshell.exe
    + 2006-10-10 00:19:14 3,223,552 -c--a-w c:\windows\system32\dllcache\ehshell.exe
    - 2005-08-05 21:01:58 492,032 -c--a-w c:\windows\system32\dllcache\ehui.dll
    + 2006-10-10 00:16:30 558,592 -c--a-w c:\windows\system32\dllcache\ehui.dll
    - 2005-08-05 21:01:54 356,352 -c--a-w c:\windows\system32\dllcache\encdec.dll
    + 2006-10-10 00:12:44 456,192 -c--a-w c:\windows\system32\dllcache\encdec.dll
    - 2005-08-04 01:29:52 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
    + 2006-10-19 05:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
    - 2008-06-11 10:47:52 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-06-18 09:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    - 2004-08-10 11:00:00 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
    + 2006-10-19 05:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
    - 2004-08-10 11:00:00 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
    + 2006-10-19 05:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
    - 2008-04-14 00:11:57 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
    + 2006-10-19 05:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
    - 2004-08-10 11:00:00 356,352 -c--a-w c:\windows\system32\dllcache\mpvis.dll
    + 2006-10-19 05:47:14 243,712 -c--a-w c:\windows\system32\dllcache\mpvis.dll
    - 2008-10-17 10:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2005-08-04 01:29:52 115,200 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
    + 2006-10-19 05:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
    - 2005-08-04 01:29:52 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
    + 2006-10-19 05:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
    - 2005-08-04 01:29:52 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
    + 2006-10-19 05:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
    - 2005-08-04 01:29:52 353,520 -c--a-w c:\windows\system32\dllcache\msscp.dll
    + 2006-12-05 00:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
    - 2005-10-11 15:39:32 1,669,120 -c--a-w c:\windows\system32\dllcache\msvidctl.dll
    + 2006-10-10 00:15:52 1,669,632 -c--a-w c:\windows\system32\dllcache\msvidctl.dll
    - 2005-08-04 01:29:52 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
    + 2006-10-19 05:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
    - 2005-08-05 21:01:54 239,104 -c----w c:\windows\system32\dllcache\psisdecd.dll
    + 2006-10-10 00:12:14 235,008 -c----w c:\windows\system32\dllcache\psisdecd.dll
    - 2005-08-04 01:29:52 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
    + 2006-10-19 05:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
    - 2005-08-05 21:01:54 282,112 -c--a-w c:\windows\system32\dllcache\sbe.dll
    + 2006-10-10 00:12:40 291,840 -c--a-w c:\windows\system32\dllcache\sbe.dll
    - 2006-10-02 21:30:10 819,200 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
    + 2006-11-02 02:31:38 1,669,120 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
    - 2004-08-10 11:00:00 192,512 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
    + 2007-06-27 06:10:26 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
    - 2005-08-04 01:29:52 359,936 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
    + 2006-10-19 05:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
    - 2005-08-04 01:29:52 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
    + 2006-10-19 05:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
    - 2007-10-28 01:39:46 228,864 -c--a-w c:\windows\system32\dllcache\wmasf.dll
    + 2007-10-28 01:40:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
    - 2005-08-04 01:29:52 29,184 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
    + 2006-10-19 05:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
    - 2005-08-04 01:29:52 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
    + 2006-10-19 05:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
    - 2004-08-10 11:00:00 189,440 -c--a-w c:\windows\system32\dllcache\wmerror.dll
    + 2006-10-19 05:47:20 227,328 -c--a-w c:\windows\system32\dllcache\wmerror.dll
    - 2005-08-04 01:29:52 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
    + 2006-10-19 05:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
    - 2008-06-11 10:58:16 988,672 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    + 2008-06-18 13:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2007-04-30 15:20:24 5,537,792 -c--a-w c:\windows\system32\dllcache\wmp.dll
    + 2007-06-12 07:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
    - 2004-08-10 11:00:00 131,072 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
    + 2006-10-19 05:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
    - 2004-08-10 11:00:00 77,824 -c--a-w c:\windows\system32\dllcache\wmpband.dll
    + 2006-10-19 05:47:20 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
    - 2004-08-10 11:00:00 278,528 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
    + 2006-10-19 05:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
    - 2005-06-24 01:09:49 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
    + 2006-10-19 05:46:20 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
    - 2005-06-24 01:15:30 3,371,008 -c--a-w c:\windows\system32\dllcache\wmploc.dll
    + 2006-10-19 05:47:20 8,231,936 -c--a-w c:\windows\system32\dllcache\wmploc.dll
    - 2004-08-10 11:00:00 81,920 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
    + 2006-10-19 05:47:20 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
    - 2005-08-04 01:29:52 771,584 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
    + 2006-10-19 05:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
    - 2005-08-04 01:29:52 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    + 2006-10-19 05:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    - 2005-08-04 01:29:54 407,552 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
    + 2006-10-19 05:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
    - 2005-08-04 01:29:54 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
    + 2006-10-19 05:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
    - 2008-06-11 10:58:24 2,330,624 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    + 2008-06-18 13:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    - 2005-08-04 01:29:54 826,368 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
    + 2006-10-19 05:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
    - 2005-08-04 01:29:54 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2006-10-19 05:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2006-10-19 05:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
    - 2006-03-03 12:33:01 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
    + 2006-10-19 04:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
    + 2006-09-29 02:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
    + 2006-09-29 03:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
    - 2005-08-04 01:29:52 178,936 ----a-w c:\windows\system32\drmupgds.exe
    + 2006-10-19 04:00:46 249,856 ----a-w c:\windows\system32\drmupgds.exe
    - 2006-03-03 12:26:57 581,632 ----a-w c:\windows\system32\drmv2clt.dll
    + 2006-10-19 05:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
    - 2005-08-05 21:01:54 356,352 ----a-w c:\windows\system32\encdec.dll
    + 2006-10-10 00:12:44 456,192 ----a-w c:\windows\system32\encdec.dll
    + 1996-10-15 17:53:16 14,160 ----a-w c:\windows\system32\HLINKPRX.DLL
    + 1996-10-15 17:53:16 78,848 ----a-w c:\windows\system32\INLOADER.DLL
    - 2008-12-14 14:22:03 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    + 2008-12-30 13:59:36 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    - 2005-08-04 01:29:52 6,656 ----a-w c:\windows\system32\laprxy.dll
    + 2006-10-19 05:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
    - 2008-06-11 10:47:52 96,768 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
    - 2005-08-04 01:29:52 106,496 ----a-w c:\windows\system32\mfplat.dll
    + 2006-10-19 05:47:14 212,992 ----a-w c:\windows\system32\MFPLAT.dll
    + 2006-10-19 05:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
    - 2004-08-10 11:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
    + 2006-10-19 05:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
    + 2006-10-19 05:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
    - 2004-08-10 11:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
    + 2006-10-19 05:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
    + 2006-10-19 05:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
    - 2008-04-14 00:11:57 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
    + 2006-10-19 05:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
    + 2006-10-02 23:28:42 312,128 ------w c:\windows\system32\msdelta.dll
    - 2008-10-17 10:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    - 2005-08-04 01:29:52 115,200 ----a-w c:\windows\system32\msnetobj.dll
    + 2006-10-19 05:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
    - 2005-08-04 01:29:52 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
    + 2006-10-19 05:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
    - 2005-08-04 01:29:52 173,568 ----a-w c:\windows\system32\MsPMSP.dll
    + 2006-10-19 05:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
    - 2005-08-04 01:29:52 353,520 ----a-w c:\windows\system32\MSSCP.dll
    + 2006-12-05 00:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
    - 2005-08-04 01:29:52 315,904 ----a-w c:\windows\system32\MSWMDM.dll
    + 2006-10-19 05:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
    + 2006-10-19 05:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
    + 2006-10-19 05:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
    + 2006-10-19 05:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
    + 2006-10-19 05:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
    + 2006-10-19 05:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
    - 2005-08-05 21:01:54 239,104 ------w c:\windows\system32\psisdecd.dll
    + 2006-10-10 00:12:14 235,008 ------w c:\windows\system32\psisdecd.dll
    - 2005-08-04 01:29:52 221,184 ----a-w c:\windows\system32\qasf.dll
    + 2006-10-19 05:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
    - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-07-27 18:41:40 16,760 ------w c:\windows\system32\spmsg.dll
    - 2005-08-04 01:29:52 47,104 ----a-w c:\windows\system32\uwdf.exe
    + 2006-10-19 05:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
    - 2005-08-04 01:29:52 15,872 ----a-w c:\windows\system32\wdfapi.dll
    + 2006-10-19 05:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
    - 2005-08-04 01:29:52 38,912 ----a-w c:\windows\system32\wdfmgr.exe
    + 2006-10-19 05:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
    - 2005-08-04 01:29:52 359,936 ----a-w c:\windows\system32\wmadmod.dll
    + 2006-10-19 05:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
    - 2005-08-04 01:29:52 716,288 ----a-w c:\windows\system32\wmadmoe.dll
    + 2006-10-19 05:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
    - 2007-10-28 01:39:46 228,864 ----a-w c:\windows\system32\wmasf.dll
    + 2007-10-28 01:40:30 222,720 ----a-w c:\windows\system32\wmasf.dll
    - 2005-08-04 01:29:52 29,184 ----a-w c:\windows\system32\WMDMLOG.dll
    + 2006-10-19 05:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
    - 2005-08-04 01:29:52 37,376 ----a-w c:\windows\system32\WMDMPS.dll
    + 2006-10-19 05:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
    - 2005-08-04 01:29:52 344,064 ----a-w c:\windows\system32\WMDRMdev.dll
    + 2006-10-19 05:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
    - 2005-08-04 01:29:52 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
    + 2006-10-19 05:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
    - 2005-08-04 01:29:52 180,224 ----a-w c:\windows\system32\wmdrmsdk.dll
    + 2006-10-19 05:47:20 535,040 ----a-w c:\windows\system32\wmdrmsdk.dll
    - 2004-08-10 11:00:00 189,440 ----a-w c:\windows\system32\wmerror.dll
    + 2006-10-19 05:47:20 227,328 ----a-w c:\windows\system32\wmerror.dll
    - 2005-08-04 01:29:52 150,016 ----a-w c:\windows\system32\wmidx.dll
    + 2006-10-19 05:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
    - 2008-06-11 10:58:16 988,672 ----a-w c:\windows\system32\WMNetmgr.dll
    + 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2007-04-30 15:20:24 5,537,792 ----a-w c:\windows\system32\wmp.dll
    + 2007-06-12 07:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
    - 2004-08-10 11:00:00 131,072 ----a-w c:\windows\system32\wmpasf.dll
    + 2006-10-19 05:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
    - 2004-08-10 11:00:00 278,528 ----a-w c:\windows\system32\wmpdxm.dll
    + 2006-10-19 05:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
    + 2008-06-25 02:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
    - 2004-08-10 11:00:00 1,582,080 ----a-w c:\windows\system32\wmpencen.dll
    + 2006-10-19 05:47:20 1,661,440 ----a-w c:\windows\system32\wmpencen.dll
    - 2005-06-24 01:15:30 3,371,008 ----a-w c:\windows\system32\wmploc.dll
    + 2006-10-19 05:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
    + 2006-10-19 05:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
    + 2006-10-19 05:47:20 130,048 ------w c:\windows\system32\wmpps.dll
    - 2004-08-10 11:00:00 81,920 ----a-w c:\windows\system32\wmpshell.dll
    + 2006-10-19 05:47:20 99,840 ----a-w c:\windows\system32\wmpshell.dll
    - 2004-08-10 11:00:00 174,080 ----a-w c:\windows\system32\wmpsrcwp.dll
    + 2006-10-19 05:47:20 204,288 ----a-w c:\windows\system32\wmpsrcwp.dll
    - 2005-08-04 01:29:52 771,584 ----a-w c:\windows\system32\wmsdmod.dll
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
    - 2005-08-04 01:29:52 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
    - 2005-08-04 01:29:54 407,552 ----a-w c:\windows\system32\wmspdmod.dll
    + 2006-10-19 05:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
    - 2005-08-04 01:29:54 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
    + 2006-10-19 05:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
    - 2005-08-04 01:29:54 1,216,000 ----a-w c:\windows\system32\wmvadvd.dll
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
    - 2005-08-04 01:29:54 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
    - 2008-06-11 10:58:24 2,330,624 ----a-w c:\windows\system32\WMVCore.dll
    + 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
    + 2006-10-19 05:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
    - 2005-08-04 01:29:54 826,368 ----a-w c:\windows\system32\wmvdmod.dll
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
    - 2005-08-04 01:29:54 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
    + 2006-10-19 05:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
    + 2006-10-19 05:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
    + 2006-10-19 05:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
    + 2006-10-19 05:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
    + 2006-10-19 05:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
    - 2006-03-03 12:33:09 38,912 ----a-w c:\windows\system32\wpd_ci.dll
    + 2006-10-19 05:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
    - 2006-03-03 12:32:57 61,952 ----a-w c:\windows\system32\wpdconns.dll
    + 2006-10-19 05:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
    - 2006-03-03 12:33:00 114,176 ----a-w c:\windows\system32\wpdmtp.dll
    + 2006-10-19 05:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
    - 2006-03-03 12:33:00 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
    + 2006-10-19 05:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
    + 2006-10-19 05:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
    + 2006-10-19 04:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
    + 2006-10-19 05:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll
    + 2006-10-19 05:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
    - 2006-03-03 12:33:10 329,728 ----a-w c:\windows\system32\wpdsp.dll
    + 2006-10-19 05:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
    + 2006-09-29 04:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
    + 2006-09-29 02:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
    + 2006-09-29 02:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
    + 2006-09-29 02:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
    + 2006-09-29 02:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
    + 2008-12-30 19:56:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Copernic Desktop Search 2"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 1514016]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 282624]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
    "Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-05 69632]
    "ScanSoft OmniPage 15.0-reminder"="c:\program files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [2005-06-03 729088]
    "PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
    "Omnipage"="c:\program files\ScanSoft\TextBridgePro11.0\opware32.exe" [2002-05-23 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=aeazhu.dll nehqoq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 MBAMService;MBAMService; "c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-02 170640]
    R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-02 15504]
    S2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-30 c:\windows\Tasks\Malwarebytes' Scheduled Update for bjrittman.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 19:52]

    2008-09-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{fa45ba80-856a-405a-b840-d5c04028c842} - c:\windows\system32\nehqoq.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:Tabs
    IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
    FF - ProfilePath - c:\documents and settings\bjrittman\Application Data\Mozilla\Firefox\Profiles\y1nml0t2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-30 12:00:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ehome\ehmsas.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-30 12:02:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-30 20:02:19
    ComboFix2.txt 2008-12-15 16:23:27

    Pre-Run: 146,943,234,048 bytes free
    Post-Run: 146,889,244,672 bytes free

    425 --- E O F --- 2008-12-23 14:50:10
     

  4. 2008/12/30
    noahdfear
    Looks good. Provided everything appears to be working normally, let's clean up. Open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.
     
  5. 2009/01/01
    psaulm119 Lifetime Subscription
    Done. Thanks a lot for your time.
     
  6. 2009/01/08
    noahdfear
    Figured out what is causing this. Open a command window, then right click on its taskbar icon and select Properties.
    Select the Options tab
    Clear the checkbox labeled Quick Edit Mode and click OK
    Select Save properties for future windows with the same title then click OK on the popup.

    You will now have the option to right click and paste text into a command window.
     
