HijackThis, ComboFix Logs. Help.
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Thu 01/04/2007 2:42am [Post #1]
Computer freezes, constant pop-outs.
Below are the HijackThis log and ComboFix log. Please help.
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Thu 01/04/2007 2:43am [Post #2]
Logfile of HijackThis v1.99.1
Scan saved at 11:32:19 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krakadil.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Solm] "C:\PROGRA~1\CROSOF~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Fsgqlooa] C:\Program Files\Common Files\s?mbols\netdde.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141102398734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141102734953
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab53083.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {FAB8A8E6-219A-4C0A-AD91-BF4AB3947D6B} - file://C:\DOCUME~1\Krakadil\LOCALS~1\Temp\achat_default-3.2.0.20.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Thu 01/04/2007 2:44am [Post #3]
Krakadil - 07-01-03 23:10:33.43 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Krakadil\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SEMBLY~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SSEMBL~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1\netdde.exe
C:\QooBox\Purity\Program Files\CROSOF~1\CROSOF~1
C:\QooBox\Purity\Program Files\CROSOF~1\winlogon.exe
C:\QooBox\Purity\WINDOWS\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\ICROSO~2.NET
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\PPPATC~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))
2007-01-03 10:35 57,856 --a------ C:\WINDOWS\system32\ybef.dll
2007-01-03 10:29 d-------- C:\Program Files\HijackThis
2007-01-03 10:29 d-------- C:\hijackthis
2006-12-27 19:49 d-------- C:\Program Files\àdobe
2006-12-26 18:58 d-------- C:\Program Files\Outerinfo
2006-12-24 18:02 d-------- C:\Program Files\Hero Editor
2006-12-24 18:01 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-24 18:01 249,856 --------- C:\WINDOWS\Setup1.exe
2006-12-23 20:14 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-20 15:54 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-12-20 15:54 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-12-20 15:54 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-12-20 15:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-12-20 15:47 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-12-20 15:43 d-------- C:\Program Files\Diablo II
2006-12-19 18:12 d-------- C:\Program Files\PixRevcache
2006-12-19 18:12 d-------- C:\Program Files\PixRev
2006-12-18 16:59 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-08 21:04 d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-08 21:04 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-08 20:54 d-------- C:\Program Files\SpywareBlaster
2006-12-08 15:08 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-08 15:07 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-12-08 15:07 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-12-08 15:07 d-------- C:\Program Files\McAfee.com
2006-12-08 15:07 d-------- C:\Program Files\McAfee
2006-12-08 15:07 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-03 22:43 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 10:36 2 --a------ C:\WINDOWS\system32\wapisvit.exe
2007-01-03 10:35 -------- d-------- C:\Program Files\Common Files
2007-01-03 09:15 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-12-21 20:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-18 17:04 -------- d-------- C:\Program Files\eMule
2006-12-14 08:22 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 08:22 -------- d-------- C:\Program Files\Common Files\System
2006-12-11 22:01 -------- d-------- C:\Program Files\Full Tilt Poker
2006-12-08 14:57 -------- d-------- C:\Program Files\Folder
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 22:02 -------- d-------- C:\Program Files\QuickTime Alternative
2006-11-27 22:02 -------- d-------- C:\Program Files\iTunes
2006-11-27 22:02 -------- d-------- C:\Program Files\iPod
2006-11-22 21:38 -------- d-------- C:\Program Files\Common Files\àdobe
2006-11-21 20:39 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 18:23 -------- d-------- C:\Program Files\ICTS-WinTrader
2006-11-15 18:21 -------- d-------- C:\Program Files\DVD Shrink
2006-11-15 17:24 -------- d-------- C:\Program Files\Fidelity Investments
2006-11-15 17:24 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-11-15 16:51 -------- d-------- C:\Program Files\CandleWorks
2006-11-15 02:07 -------- d-------- C:\Documents and Settings\Krakadil\Application Data\VMware
2006-11-11 19:14 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-11-10 22:13 -------- d-------- C:\Program Files\PCFriendly
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 14:23 619352 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-09 20:42 295 --a------ C:\WINDOWS\system32\edlm.exe
2006-10-09 20:42 213 --a------ C:\WINDOWS\system32\edlm2.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Solm"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
"Fsgqlooa"="C:\\Program Files\\Common Files\\s?mbols\\netdde.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,92,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b1
"NoSharedDocuments"=hex:01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LocationFinder"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQNet"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nhrukio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regsvr32"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\M?crosoft\\regsvr32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMixerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ryi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wucrtupd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Solm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tevb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="csrss"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Krakadil\\My Documents\\??sembly\\csrss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uxrn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spoolsv"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?ymantec\\spoolsv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gnotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee AntiSpyware.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 07-01-03 23:11:54.89
C:\ComboFix.txt ... 07-01-03 23:11
C:\ComboFix2.txt ... 07-01-03 10:36
steamwiz Supreme Guru Joined: 12 Sep 2003 Posts: 14022 Points: 2332 Location: Yorkshire U.K.
Posted: Thu 01/04/2007 3:23pm [Post #4]
Hi
What are the pop-ups for ?
You appear to be running 2 anti-virus programs ... please only run one, or they may conflict...
Disconnect from the internet. Close ALL browser windows (including this one). Run HijackThis and tick to fix (check the box next to) the list below......... When all are ticked (checked), click the Fix Checked button at the bottom :-
R3 - URLSearchHook: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
O2 - BHO: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
O4 - HKCU\..\Run: [Solm] "C:\PROGRA~1\CROSOF~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Fsgqlooa] C:\Program Files\Common Files\s?mbols\netdde.exe
O16 - DPF: {FAB8A8E6-219A-4C0A-AD91-BF4AB3947D6B} - file://C:\DOCUME~1\Krakadil\LOCALS~1\Temp\achat_default-3.2.0.20.cab
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
Reboot, then find and delete :-
C:\WINDOWS\system32\ybef.dll ... file
-
What is in this folder ?
C:\Program Files\Outerinfo
-
Please go here and upload this file ...
C:\WINDOWS\system32\wapisvit.exe
http://www.virustotal.com/flash/index_en.html
Click the browse button & browse to the file on your computer
Post back the results
steam _________________ Look here for Ways to keep your computer safe
M'SOFT MVP - Windows Security 2004/8. Member ASAP - UNITE
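The entries steam picks out above share a few mechanical tells that can be checked before anyone reads a log by hand: a Windows system-binary name (winlogon.exe, netdde.exe, csrss.exe, spoolsv.exe) loading from outside the Windows directory, a folder name that HijackThis and ComboFix can only render with "?" because it contains a look-alike character, an 8.3 short name such as CROSOF~1 left behind once Windows drops that character, a BHO registered with "(no name)", and a Winlogon Notify hook whose DLL is already "(file missing)". The script below is an added example, not code from this thread, from HijackThis or from ComboFix. It runs those checks over a constructed handful of O2/O4/O20 lines and one ComboFix "Reg Loading Points" `"command"=` line modelled on this thread's logs; the lists of system binaries and mimicked vendor folders are my assumptions, taken from what these logs show, and can be extended.

```python
"""Triage HijackThis / ComboFix loading-point lines for impersonation tells.

Added example (not code from the thread, HijackThis or ComboFix). The name
lists below are assumptions drawn from what the logs in this thread show.
"""
from __future__ import annotations
import re

# Windows system binaries that should only load from the Windows directory;
# the same name anywhere else (C:\PROGRA~1\CROSOF~1\winlogon.exe) is a classic
# impersonation sign. Assumed list, extend as needed.
SYSTEM_BINARIES = {
    "winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe", "services.exe",
    "svchost.exe", "spoolsv.exe", "netdde.exe", "regsvr32.exe", "explorer.exe",
}
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

# Vendor folder names the malware in this thread mimicked with look-alike
# characters ("M?crosoft", "?ymantec", "?racle"). Windows drops the non-ASCII
# letter when it builds the 8.3 short name, leaving stems such as CROSOF~1.
MIMICKED_FOLDERS = ("MICROSOFT", "SYMANTEC", "ORACLE", "ADOBE",
                    "SECURITY", "SYMBOLS", "ASSEMBLY")

_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_REG_CMD = re.compile(r'^"command"="(?P<value>.*)"$')
_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|pif))', re.IGNORECASE)

# Constructed sample modelled on lines from this thread (not a live scan).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Solm] "C:\PROGRA~1\CROSOF~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Fsgqlooa] C:\Program Files\Common Files\s?mbols\netdde.exe
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
"command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
"""


def extract_path(command: str) -> str:
    """Pull the executable path out of a Run-key command, quoted or not."""
    m = _PATH.match(command)
    if m:
        return m.group("path")
    parts = command.split()
    return parts[0] if parts else ""


def check_path(path: str) -> list[str]:
    """Return the impersonation tells found in one file path (empty if clean)."""
    findings: list[str] = []
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not low.startswith(WINDOWS_DIRS):
        findings.append(f"system binary name {base!r} outside the Windows directory")
    if "?" in path or any(ord(ch) > 126 for ch in path):
        findings.append("non-ASCII or unprintable character in path (shown as '?')")
    for part in path.split("\\"):
        stem, tilde, _ = part.partition("~")
        if tilde and len(stem) >= 4 and stem.isalpha():
            # A stem that is a non-prefix substring of a vendor name means the
            # real folder name starts with characters 8.3 generation threw away.
            hit = next((f for f in MIMICKED_FOLDERS if f.find(stem.upper()) > 0), None)
            if hit:
                findings.append(f"short name {part!r} looks like {hit} with leading letters dropped")
    return findings


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, findings) for every loading-point line that raised a flag."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings: list[str] = []
        m4, mreg = _O4.match(line), _REG_CMD.match(line)
        if m4:
            findings += check_path(extract_path(m4.group("cmd")))
        elif mreg:
            # ComboFix prints .reg syntax: backslashes and quotes are escaped.
            value = mreg.group("value").replace("\\\\", "\\").replace('\\"', '"')
            findings += check_path(extract_path(value))
        elif line.startswith(("O2 - BHO:", "O20 - Winlogon Notify:", "R3 - URLSearchHook:")):
            if "(no name)" in line:
                findings.append("component registered with no name")
            tail = line.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
            findings += check_path(tail)
        if line.endswith("(file missing)"):
            findings.append("orphaned loading point: the file it names no longer exists")
        if findings:
            results.append((line, findings))
    return results


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG):
        print(line)
        for f in findings:
            print("   ->", f)
```

On the sample above the Java BHO, IntelliPoint and ctfmon lines come through clean and the other five are flagged. Everything flagged is a pre-filter, not a verdict: the confirmation steps are still the ones steam asks for in this thread, looking at what is actually in the folder and uploading the unknown file to VirusTotal.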
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Thu 01/04/2007 10:44pm [Post #5]
Done everything as advised. IE keeps freezing. Don't see any pop-outs yet.
C:\Program Files\Outerinfo is Clickspring and OIN Search. I get pop-outs from them.
Couldn't find C:\WINDOWS\system32\ybef.dll
Complete scanning result of "wapisvit.exe_", received in VirusTotal at 01.05.2007, 04:15:01 (CET).
eSafe 7.0.14.0 01.04.2007 Win32.Xorpix.al
Ewido 4.0 01.04.2007 Trojan.Small
Prevx1 V2 01.05.2007 Polymorphic Trojans
Thank you.
steamwiz Supreme Guru Joined: 12 Sep 2003 Posts: 14022 Points: 2332 Location: Yorkshire U.K.
Posted: Fri 01/05/2007 12:51pm [Post #6]
nikitka wrote:
C:\Program Files\Outerinfo is Clickspring and OIN Search. I get pop-outs from them.
Thank you.
Yes I know what Outerinfo is ... but what files are in the folder?
Find & delete this file :-
C:\WINDOWS\system32\wapisvit.exe
I take it the other scanners at VirusTotal found nothing in the file?
-
Please run this next :-
Download CCleaner from :-
http://www.filehippo.com/download_ccleaner/ (click the download tab)
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.
doubleclick the ccsetup.exe file and install the program...
After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Make sure the "windows" tab is selected
Under "internet explorer" tick...
Temporary internet files
Cookies* > see Note below
History
Recently typed URLs (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history
under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"
Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)
under "System"
Tick ALL these ...
under "Advanced"
no need to tick any of these (but you can if you want, and realise what they do)
Applications tab...
These will mostly clean out old log files for these applications...
Clean:- (if you use them)
Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...
Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.
click "analyse" if you want to see a list of what is going to be removed, before it is removed.
Or
click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up
"This process will permanently delete files from your system. Are you sure you wish to proceed?"
click OK.
---
Then please post a new hijackthis log
& a new combofix log
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sat 01/06/2007 5:49am [Post #7 ]
Outerinfo folder has 3 files:
OiUninstaller.exe
outerinfo.ico
Terms.rtf
I can't delete C:\WINDOWS\system32\wapisvit.exe because it is being used. Even in Safe Mode.
Thank you.
steamwiz Supreme Guru Joined: 12 Sep 2003 Posts: 14022 Points: 2332 Location: Yorkshire U.K.
Posted: Sat 01/06/2007 12:20pm [Post #8 ]
Hi
Go to > Start > Control Panel > Add or Remove Programs > and uninstall
Outerinfo
OIN Search
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
-
THEN
1. Download Pocket KillBox .. http://www.help2go.com/modules.php?name=Forums&file=download&id=378 (unzip to the desktop)
2. Run the Killbox.exe file
check the box "Delete on Reboot"
copy and paste the following bold line into the "Full Path of File to Delete" box in Killbox..
C:\WINDOWS\system32\wapisvit.exe
click the red button with the white X on it.
Say yes to "delete on reboot" - then say "yes" to reboot now...
Let it reboot - If you get a PendingOperations message (reboot manually) ...
Run hijackthis and post a new log
-
Check to see that wapisvit.exe has been deleted.
Delete the folder C:\Program Files\Outerinfo (if it still exists)
let us know if you are still having any problems...
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sat 01/06/2007 4:36pm [Post #9 ]
Everything completed. So far the system seems to be running smoothly. Below are the new HijackThis and ComboFix logs. Thank you!
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sat 01/06/2007 4:37pm [Post #10 ]
Logfile of HijackThis v1.99.1
Scan saved at 1:28:17 PM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krakadil.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141102398734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141102734953
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab53083.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sat 01/06/2007 4:37pm [Post #11 ]
Krakadil - 07-01-06 13:25:01.04 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Krakadil\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SEMBLY~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SSEMBL~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1\netdde.exe
C:\QooBox\Purity\Program Files\CROSOF~1\CROSOF~1
C:\QooBox\Purity\Program Files\CROSOF~1\winlogon.exe
C:\QooBox\Purity\WINDOWS\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\ICROSO~2.NET
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\PPPATC~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))
2007-01-06 13:22 dr-h----- C:\Documents and Settings\Krakadil\Recent
2007-01-06 13:18 d-------- C:\Program Files\CCleaner
2007-01-06 13:15 d-------- C:\WINDOWS\system32\appmgmt
2007-01-03 10:29 d-------- C:\Program Files\HijackThis
2007-01-03 10:29 d-------- C:\hijackthis
2006-12-27 19:49 d-------- C:\Program Files\àdobe
2006-12-24 18:02 d-------- C:\Program Files\Hero Editor
2006-12-24 18:01 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-24 18:01 249,856 --------- C:\WINDOWS\Setup1.exe
2006-12-23 20:14 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-20 15:54 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-12-20 15:54 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-12-20 15:54 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-12-20 15:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-12-20 15:47 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-12-20 15:43 d-------- C:\Program Files\Diablo II
2006-12-19 18:12 d-------- C:\Program Files\PixRevcache
2006-12-19 18:12 d-------- C:\Program Files\PixRev
2006-12-18 16:59 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-08 21:04 d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-08 21:04 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-08 15:08 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-08 15:07 d-------- C:\Program Files\McAfee
2006-12-08 15:07 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-06 13:16 -------- d-------- C:\Program Files\Windows Live Safety Center
2007-01-06 04:10 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 10:35 -------- d-------- C:\Program Files\Common Files
2006-12-21 20:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-18 17:04 -------- d-------- C:\Program Files\eMule
2006-12-14 08:22 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 08:22 -------- d-------- C:\Program Files\Common Files\System
2006-12-11 22:01 -------- d-------- C:\Program Files\Full Tilt Poker
2006-12-08 14:57 -------- d-------- C:\Program Files\Folder
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 22:02 -------- d-------- C:\Program Files\QuickTime Alternative
2006-11-27 22:02 -------- d-------- C:\Program Files\iTunes
2006-11-27 22:02 -------- d-------- C:\Program Files\iPod
2006-11-22 21:38 -------- d-------- C:\Program Files\Common Files\àdobe
2006-11-21 20:39 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 18:23 -------- d-------- C:\Program Files\ICTS-WinTrader
2006-11-15 18:21 -------- d-------- C:\Program Files\DVD Shrink
2006-11-15 17:24 -------- d-------- C:\Program Files\Fidelity Investments
2006-11-15 17:24 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-11-15 16:51 -------- d-------- C:\Program Files\CandleWorks
2006-11-15 02:07 -------- d-------- C:\Documents and Settings\Krakadil\Application Data\VMware
2006-11-11 19:14 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-11-10 22:13 -------- d-------- C:\Program Files\PCFriendly
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-09 20:42 295 --a------ C:\WINDOWS\system32\edlm.exe
2006-10-09 20:42 213 --a------ C:\WINDOWS\system32\edlm2.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,92,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b1
"NoSharedDocuments"=hex:01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LocationFinder"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQNet"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nhrukio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regsvr32"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\M?crosoft\\regsvr32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMixerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ryi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wucrtupd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Solm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tevb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="csrss"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Krakadil\\My Documents\\??sembly\\csrss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uxrn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spoolsv"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?ymantec\\spoolsv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gnotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-06 13:27:04.34
C:\ComboFix.txt ... 07-01-06 13:27
C:\ComboFix2.txt ... 07-01-03 23:11
C:\ComboFix3.txt ... 07-01-03 10:36
steamwiz Supreme Guru Joined: 12 Sep 2003 Posts: 14022 Points: 2332 Location: Yorkshire U.K.
Posted: Sat 01/06/2007 6:32pm [Post #12 ]
Hi
Just a couple of things ...
You have these Purityscan/Outerinfo run keys unticked in msconfig
Now that the files are safely Quarantined in C:\QooBox\Purity
these :-
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SEMBLY~1
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nhrukio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regsvr32"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\M?crosoft\\regsvr32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ryi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wucrtupd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Solm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tevb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="csrss"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Krakadil\\My Documents\\??sembly\\csrss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uxrn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ru n"
"item"="spoolsv"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\?ymantec\\spoolsv.exe "
"inimapping"="0"
---
Please go to msconfig > startup tab & re-tick :-
Nhrukio
Ryi
Solm
Tevb
Uxrn
Reboot ...
Run HijackThis and look for the O4 entries with the above 5 names...
Place a checkmark next to all 5 & click "fix checked".
Then find & delete the C:\QooBox ... folder.
Reboot once again...
Post a new HijackThis log & a new ComboFix log (to confirm they are now clean).
You will then have just one thing left to do ... update Java ... I'll tell you how to do that when you post back.
steam _________________ Look here for Ways to keep your computer safe
M'SOFT MVP -Windows Security 2004/8 .member ASAP - UNITE
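The disguise steamwiz is pointing at in the keys above (core Windows process names such as winlogon.exe, csrss.exe and spoolsv.exe launched from directories whose names imitate Microsoft, Oracle, Symantec and Assembly with a leading non-ASCII look-alike character, which ComboFix prints as "?") can be checked mechanically rather than by eye. The script below is an added example and is not code from this thread, from ComboFix or from HijackThis. It parses a startupreg dump in the .reg-style format quoted in the post and applies three heuristics: a system-process name running from outside system32, a parent directory that matches a vendor name once the "?" is treated as a wildcard and the 8.3 "~1" suffix is dropped, and a "?" or non-ASCII character anywhere in the path. The embedded sample is the five keys from the post abridged to the lines the rules use, plus a benign Gmail Notifier key constructed for contrast (its key name is assumed); the vendor list, the system32 path and all function names are the example's own assumptions.

```python
"""Flag disguised autostart entries in a ComboFix msconfig startupreg dump.

Added example, not code from the thread, ComboFix or HijackThis. Three rules:
a core Windows process name started from anywhere but system32; a directory
imitating a vendor name; and a '?' in the path, which is how ComboFix prints
a character it cannot render ('?' is not legal in a real Windows path).
"""
import re
from typing import Dict, List

SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe", "spoolsv.exe", "regsvr32.exe"}
SYSTEM32 = r"c:\windows\system32"                    # assumed %SystemRoot% on XP
IMITATED_VENDORS = ("microsoft", "oracle", "symantec", "assembly")  # assumption

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(\w+)"="(.*)"$')            # greedy: keeps inner quotes
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Constructed sample: the five startupreg keys quoted in the post above (abridged
# to item/command) plus a benign Gmail Notifier key (key name assumed).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gnotify]
"item"="gnotify"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nhrukio]
"item"="regsvr32"
"command"="C:\\WINDOWS\\system32\\M?crosoft\\regsvr32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ryi]
"item"="wucrtupd"
"command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Solm]
"item"="winlogon"
"command"=""C:\\PROGRA~1\\CROSOF~1\\winlogon.exe" -vt ndrv"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tevb]
"item"="csrss"
"command"="C:\\Documents and Settings\\Krakadil\\My Documents\\??sembly\\csrss.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uxrn]
"item"="spoolsv"
"command"="C:\\WINDOWS\\system32\\?ymantec\\spoolsv.exe"
'''


def parse_startupreg(dump: str) -> List[Dict[str, str]]:
    """One dict per [key] block; values get their doubled backslashes unescaped."""
    entries: List[Dict[str, str]] = []
    for line in dump.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            entries.append({"name": key.group(1).rsplit("\\", 1)[-1]})
            continue
        value = VALUE_RE.match(line)
        if value and entries:
            entries[-1][value.group(1)] = value.group(2).replace("\\\\", "\\")
    return entries


def executable_path(command: str) -> str:
    """Pull the .exe out of a Run command, dropping surrounding quotes and arguments."""
    m = EXE_RE.search(command)
    return m.group(1) if m else command


def has_lookalike_chars(path: str) -> bool:
    """'?' (ComboFix's stand-in for an unrenderable char) or any non-ASCII char."""
    return "?" in path or any(ord(c) > 127 for c in path)


def imitates_vendor(dirname: str) -> bool:
    """Does the directory name match a vendor name with '?' as a one-character
    wildcard and the 8.3 short-name suffix (~1) dropped? Substring match."""
    stem = re.sub(r"~\d+$", "", dirname.lower())
    if len(stem) < 5:                                  # too short to be meaningful
        return False
    pattern = ".".join(re.escape(part) for part in stem.split("?"))
    return any(re.search(pattern, vendor) for vendor in IMITATED_VENDORS)


def analyze(dump: str) -> List[Dict[str, object]]:
    """Return every entry with the list of rules it tripped (empty list if clean)."""
    findings: List[Dict[str, object]] = []
    for entry in parse_startupreg(dump):
        path = executable_path(entry.get("command", ""))
        directory, _, basename = path.rpartition("\\")
        parent = directory.rsplit("\\", 1)[-1]
        reasons = []
        if has_lookalike_chars(path):
            reasons.append("non-ASCII look-alike character in path")
        if basename.lower() in SYSTEM_PROCESS_NAMES and directory.lower() != SYSTEM32:
            reasons.append(f"{basename} running from outside {SYSTEM32}")
        if imitates_vendor(parent):
            reasons.append(f"directory '{parent}' imitates a vendor name")
        findings.append({"name": entry["name"], "path": path, "reasons": reasons})
    return findings


def suspicious(dump: str) -> List[str]:
    """Names of the startupreg entries that tripped at least one rule."""
    return [f["name"] for f in analyze(dump) if f["reasons"]]
```

Run against the sample, `suspicious(SAMPLE_DUMP)` returns exactly the five names steamwiz asks to have re-ticked and fixed (Nhrukio, Ryi, Solm, Tevb, Uxrn) and leaves the Gmail Notifier entry alone; Solm is caught even though its path contains no "?", because winlogon.exe is not under system32 and CROSOF~1 is a truncated "Microsoft". The vendor-substring rule is deliberately loose and is meant to rank entries for a human, not to delete anything automatically.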
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sun 01/07/2007 2:52am [Post #13 ]
Logfile of HijackThis v1.99.1
Scan saved at 11:43:12 PM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krakadil.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141102398734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141102734953
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab53083.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
nikitka Member Joined: 09 Dec 2006 Posts: 13 Points: 0
Posted: Sun 01/07/2007 2:54am [Post #14 ]
Krakadil - 07-01-06 23:44:32.92 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Krakadil\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))
2007-01-06 13:22 dr-h----- C:\Documents and Settings\Krakadil\Recent
2007-01-06 13:18 d-------- C:\Program Files\CCleaner
2007-01-06 13:15 d-------- C:\WINDOWS\system32\appmgmt
2007-01-03 10:29 d-------- C:\Program Files\HijackThis
2007-01-03 10:29 d-------- C:\hijackthis
2006-12-27 19:49 d-------- C:\Program Files\àdobe
2006-12-24 18:02 d-------- C:\Program Files\Hero Editor
2006-12-24 18:01 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-24 18:01 249,856 --------- C:\WINDOWS\Setup1.exe
2006-12-23 20:14 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-20 15:54 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-12-20 15:54 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-12-20 15:54 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-12-20 15:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-12-20 15:47 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-12-20 15:43 d-------- C:\Program Files\Diablo II
2006-12-19 18:12 d-------- C:\Program Files\PixRevcache
2006-12-19 18:12 d-------- C:\Program Files\PixRev
2006-12-18 16:59 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-08 21:04 d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-08 21:04 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-08 15:08 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-08 15:07 d-------- C:\Program Files\McAfee
2006-12-08 15:07 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-06 13:16 -------- d-------- C:\Program Files\Windows Live Safety Center
2007-01-06 04:10 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 10:35 -------- d-------- C:\Program Files\Common Files
2006-12-21 20:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-18 17:04 -------- d-------- C:\Program Files\eMule
2006-12-14 08:22 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 08:22 -------- d-------- C:\Program