Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default Hijackthis, Combofix Logs. Help.

    Computer freezes, constant pop-outs,

    Below are the Hijackthis Log and Combofix Log. Please help.

  2. #2
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:19 PM, on 1/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krakadil.com/portal/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Solm] "C:\PROGRA~1\CROSOF~1\winlogon.exe" -vt ndrv
    O4 - HKCU\..\Run: [Fsgqlooa] C:\Program Files\Common Files\s?mbols\netdde.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141102398734
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141102734953
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab53083.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab
    O16 - DPF: {FAB8A8E6-219A-4C0A-AD91-BF4AB3947D6B} - file://C:\DOCUME~1\Krakadil\LOCALS~1\Temp\achat_default-3.2.0.20.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

  3. #3
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Krakadil - 07-01-03 23:10:33.43 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Krakadil\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\APPATC~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\CURITY~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\FNTS~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\ICROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\MCROSO~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\Application Data\RACLE~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\ICROSO~1.NET
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MANTEC~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\MBOLS~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\RACLE~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SEMBLY~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SMBOLS~1
    C:\QooBox\Purity\Documents and Settings\Krakadil\My Documents\SSEMBL~1
    C:\QooBox\Purity\Program Files\CROSOF~1
    C:\QooBox\Purity\Program Files\SCURIT~1
    C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
    C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
    C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1\netdde.exe
    C:\QooBox\Purity\Program Files\CROSOF~1\CROSOF~1
    C:\QooBox\Purity\Program Files\CROSOF~1\winlogon.exe
    C:\QooBox\Purity\WINDOWS\ICROSO~1.NET
    C:\QooBox\Purity\WINDOWS\ICROSO~2.NET
    C:\QooBox\Purity\WINDOWS\SKS~1
    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
    C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
    C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
    C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
    C:\QooBox\Purity\WINDOWS\system32\PPPATC~1
    C:\QooBox\Purity\WINDOWS\system32\RACLE~1
    C:\QooBox\Purity\WINDOWS\system32\TSKS~1
    C:\QooBox\Purity\WINDOWS\system32\YMANTE~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))


    2007-01-03 10:35 57,856 --a------ C:\WINDOWS\system32\ybef.dll
    2007-01-03 10:29 d-------- C:\Program Files\HijackThis
    2007-01-03 10:29 d-------- C:\hijackthis
    2006-12-27 19:49 d-------- C:\Program Files\*dobe
    2006-12-26 18:58 d-------- C:\Program Files\Outerinfo
    2006-12-24 18:02 d-------- C:\Program Files\Hero Editor
    2006-12-24 18:01 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-12-24 18:01 249,856 --------- C:\WINDOWS\Setup1.exe
    2006-12-23 20:14 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-12-20 15:54 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2006-12-20 15:54 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2006-12-20 15:54 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2006-12-20 15:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2006-12-20 15:47 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2006-12-20 15:43 d-------- C:\Program Files\Diablo II
    2006-12-19 18:12 d-------- C:\Program Files\PixRevcache
    2006-12-19 18:12 d-------- C:\Program Files\PixRev
    2006-12-18 16:59 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2006-12-08 21:04 d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-08 21:04 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-08 20:54 d-------- C:\Program Files\SpywareBlaster
    2006-12-08 15:08 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2006-12-08 15:07 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
    2006-12-08 15:07 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
    2006-12-08 15:07 d-------- C:\Program Files\McAfee.com
    2006-12-08 15:07 d-------- C:\Program Files\McAfee
    2006-12-08 15:07 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-03 22:43 -------- d-------- C:\Program Files\Mozilla Firefox
    2007-01-03 10:36 2 --a------ C:\WINDOWS\system32\wapisvit.exe
    2007-01-03 10:35 -------- d-------- C:\Program Files\Common Files
    2007-01-03 09:15 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
    2006-12-21 20:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-12-18 17:04 -------- d-------- C:\Program Files\eMule
    2006-12-14 08:22 -------- d-------- C:\Program Files\Outlook Express
    2006-12-14 08:22 -------- d-------- C:\Program Files\Common Files\System
    2006-12-11 22:01 -------- d-------- C:\Program Files\Full Tilt Poker
    2006-12-08 14:57 -------- d-------- C:\Program Files\Folder
    2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-27 22:02 -------- d-------- C:\Program Files\QuickTime Alternative
    2006-11-27 22:02 -------- d-------- C:\Program Files\iTunes
    2006-11-27 22:02 -------- d-------- C:\Program Files\iPod
    2006-11-22 21:38 -------- d-------- C:\Program Files\Common Files\*dobe
    2006-11-21 20:39 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-20 18:23 -------- d-------- C:\Program Files\ICTS-WinTrader
    2006-11-15 18:21 -------- d-------- C:\Program Files\DVD Shrink
    2006-11-15 17:24 -------- d-------- C:\Program Files\Fidelity Investments
    2006-11-15 17:24 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
    2006-11-15 16:51 -------- d-------- C:\Program Files\CandleWorks
    2006-11-15 02:07 -------- d-------- C:\Documents and Settings\Krakadil\Application Data\VMware
    2006-11-11 19:14 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
    2006-11-10 22:13 -------- d-------- C:\Program Files\PCFriendly
    2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-20 14:23 619352 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
    2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 13:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-17 13:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-17 13:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-17 13:33 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-09 20:42 295 --a------ C:\WINDOWS\system32\edlm.exe
    2006-10-09 20:42 213 --a------ C:\WINDOWS\system32\edlm2.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Solm"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
    "Fsgqlooa"="C:\\Program Files\\Common Files\\s?mbols\\netdde.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,92,04,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:000000b1
    "NoSharedDocuments"=hex:01,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="aim"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgcc"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NMBgMonitor"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="googletalk"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LocationFinder"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQNet"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nhrukio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="regsvr32"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\M?crosoft\\regsvr32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NVMixerTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PDVDServ"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ryi]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wucrtupd"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\?racle\\wucrtupd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Solm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winlogon"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\CROSOF~1\\winlogon.exe\" -vt ndrv"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tevb]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="csrss"
    "hkey"="HKCU"
    "command"="C:\\Documents and Settings\\Krakadil\\My Documents\\??sembly\\csrss.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uxrn]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="spoolsv"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\?ymantec\\spoolsv.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ViewMgr"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YahooMessenger"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gnotify"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McAfee AntiSpyware.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 07-01-03 23:11:54.89
    C:\ComboFix.txt ... 07-01-03 23:11
    C:\ComboFix2.txt ... 07-01-03 10:36

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    What are the pop-ups for ?

    You appear to be running 2 anti-virus ... please only run one or they may conflict...

    Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R3 - URLSearchHook: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll

    O2 - BHO: (no name) - {7EDE61FD-FA4F-8D96-6FF0-F6AD087FB0CC} - C:\WINDOWS\system32\ybef.dll

    O4 - HKCU\..\Run: [Solm] "C:\PROGRA~1\CROSOF~1\winlogon.exe" -vt ndrv
    O4 - HKCU\..\Run: [Fsgqlooa] C:\Program Files\Common Files\s?mbols\netdde.exe

    O16 - DPF: {FAB8A8E6-219A-4C0A-AD91-BF4AB3947D6B} - file://C:\DOCUME~1\Krakadil\LOCALS~1\Temp\achat_default -3.2.0.20.cab

    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)


    Reboot then find and delete :-

    C:\WINDOWS\system32\ybef.dll ... file

    -
    What is in this folder ?

    C:\Program Files\Outerinfo

    -
    Please go here and upload this file ...

    C:\WINDOWS\system32\wapisvit.exe

    http://www.virustotal.com/flash/index_en.html

    Click the browse button & browse to the file on your computer

    Post back the results

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Done everything as advised. IE keeps freezing. Don't see any pop-outs yet.

    C:\Program Files\Outerinfo is Clickspring and OIN Search. I get pop-outs from them.

    Couldn't find C:\WINDOWS\system32\ybef.dll


    Complete scanning result of "wapisvit.exe_", received in VirusTotal at 01.05.2007, 04:15:01 (CET).

    eSafe 7.0.14.0 01.04.2007 Win32.Xorpix.al
    Ewido 4.0 01.04.2007 Trojan.Small
    Prevx1 V2 01.05.2007 Polymorphic Trojans



    Thank you.

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Quote Originally Posted by nikitka
    C:\Program Files\Outerinfo is Clickspring and OIN Search. I get pop-outs from them.

    Thank you.
    Yes I know what Outerinfo is :wink: ... but what files are in the folder ?

    Find & delete this file :-

    C:\WINDOWS\system32\wapisvit.exe

    I take it the other scanners at virus total found nothing in the file ?

    -
    Please run this next :-

    Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    doubleclick the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    ---
    Then please post a new hijackthis log

    & a new combofix log

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Outerinfo folder has 3 files:
    OiUninstaller.exe
    outerinfo.ico
    Terms.rtf

    I can't delete C:\WINDOWS\system32\wapisvit.exe because it is being used. Even in Safe Mode.

    Thank you.

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Go to > Start > Control Panel > Add or Remove Programs > and uninstall

    Outerinfo
    OIN Search
    Oin
    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    or anything similar with Oin or Outerinfo in it.

    -
    THEN

    1. Download Pocket KillBox .. http://www.help2go.com/modules.php?n...ownload&id=378 (unzip to the desktop)

    2. Run the Killbox.exe file

    check the box "Delete on Reboot"

    copy and paste the following bold line into the "Full Path of File to Delete" box in Killbox..

    C:\WINDOWS\system32\wapisvit.exe

    click the red button with the white X on it.

    Say yes to "delete on reboot" - then say "yes" to reboot now...

    Let it reboot - If you get a PendingOperations message (reboot manually) ...

    Run hijackthis and post a new log

    -
    Check to see that wapisvit.exe has been deleted.

    Delete the folder C:\Program Files\Outerinfo (if it still exists)


    let us know if you are still having any problems...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Everything completed. So far the system seems to be running smoothly. Below is the new Hijackthis and Combofix logs. Thank you!

  10. #10
    Member
    Join Date
    Dec 2006
    Posts
    15
    Points
    0

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 1:28:17 PM, on 1/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krakadil.com/portal/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141102398734
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141102734953
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab53083.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Page 1 of 2 12 LastLast