.dll file keeps erroring also have trojan downloader's i can't


This topic is locked

#1 Keendrae (New Member, 7 posts)

Logfile of HijackThis v1.99.1
Scan saved at 12:46:09 PM, on 11/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\System32\rwinppem.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\ms064277-46488.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\eltonehour.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\octeltpop.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A2321030-F985-F15A-8DAB-D628E7233BED} - C:\WINDOWS\System32\zsdhasdr.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [kng67870] RUNDLL32.EXE w317437a.dll,n 0066786a00000002317437a
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\rwinppem.exe ELT001
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ms064277-46488] C:\WINDOWS\ms064277-46488.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [startemdoit] C:\WINDOWS\eltonehour.exe
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1pop06apelt3] C:\WINDOWS\octeltpop.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Cbaljhc] C:\Documents and Settings\Lauren Merritt\My Documents\??mbols\n?lookup.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\rwinppem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/eliteview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162968114937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162968095906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGF1cmVuIE1lcnJpdHQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nhwvukh.exe (file missing)
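
Added example, not part of the thread and not code from HijackThis: a small Python triage script for lines in the HijackThis log format posted above. It flags the cues a helper scans for first: entries pointing at files that no longer exist, executables launched straight from the Windows directory (C:\WINDOWS\Duce6.exe above has that shape, and the ComboFix run later in the thread lists it under Other Deletions), rundll32 loading a DLL by bare name, and services with no recorded vendor. The cues and their wording are my own heuristics and are triage hints rather than verdicts; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 line format. The entries are copied
# from the log posted in this thread (a handful only, not the whole log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A2321030-F985-F15A-8DAB-D628E7233BED} - C:\WINDOWS\System32\zsdhasdr.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [kng67870] RUNDLL32.EXE w317437a.dll,n 0066786a00000002317437a
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" and "O23 - Service: name - vendor - path"
SECTION_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# An .exe sitting directly in the Windows directory rather than in System32 or
# a vendor folder. Installers rarely put binaries there; on this machine the
# ComboFix run later removed C:\WINDOWS\Duce6.exe, which has exactly this shape.
WINDIR_EXE_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    code: str            # HijackThis section code, e.g. "O4" or "O23"
    reasons: List[str]   # triage cues that fired for this line
    text: str            # the original log line


def first_token(cmd: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line_no: int, line: str) -> Optional[Finding]:
    """Apply the triage cues to one log line; None when nothing fired."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons: List[str] = []
    # Orphaned entries: HijackThis could not find the referenced file.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("references a file that no longer exists")
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:
            cmd = o4.group("cmd")
            exe = first_token(cmd)
            if WINDIR_EXE_RE.match(exe):
                reasons.append("executable placed directly in the Windows directory")
            if exe.upper().startswith("RUNDLL32"):
                # rundll32 with a bare DLL name relies on search-path lookup,
                # so the log line alone does not say which file is loaded.
                dll = cmd.strip()[len(exe):].strip().split(",", 1)[0]
                if "\\" not in dll:
                    reasons.append("rundll32 loads a DLL by bare name")
    elif code == "O23":
        o23 = O23_RE.match(body)
        if o23 and o23.group("owner") == "Unknown owner":
            reasons.append("service has no recorded vendor")
    return Finding(line_no, code, reasons, line) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log; line numbers are 1-based."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        f = triage_line(n, raw.strip())
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.code}] {f.text}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flagged line still needs a human look: legitimate software occasionally trips these cues, and the reverse (a clean-looking path) proves nothing.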

#2 Buckeye_Sam (Malware Expert, 10,019 posts)

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3 Keendrae (Topic Starter, New Member, 7 posts)

Lauren Merritt - 06-11-08 14:50:27.62 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Lauren Merritt\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\tsuninst.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Cowabanga
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\Program Files\Common Files\{344A6DCB-09DC-1033-0919-030709040001}
C:\Program Files\Common Files\{E44A6DCB-09DC-1033-0919-030709040001}
C:\WINDOWS\TGF1cmVuIE1lcnJpdHQ

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1\597.tmp
C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1\n?lookup_exe.vir
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET\CROSOF~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))


2006-11-08 14:30 277,182 --a------ C:\combofix.exe
2006-11-08 13:12 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2006-11-08 13:12 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2006-11-08 13:11 8,598,632 --a------ C:\sdsetupspyware.exe
2006-11-08 13:01 991,232 --a------ C:\WINDOWS\SYSTEM32\VchReg.dll
2006-11-08 13:01 50,904 --a------ C:\WINDOWS\SYSTEM32\CloseAll.exe
2006-11-08 13:01 249,856 --a------ C:\WINDOWS\SYSTEM32\CheckDll.dll
2006-11-08 12:59 5,221,952 --a------ C:\spywaredetectorbiz.exe
2006-11-08 12:38 218,112 --a------ C:\HijackThis.exe
2006-11-08 03:13 1,321,432 --a------ C:\noadware.exe
2006-11-08 01:07 697,497 ---hs---- C:\WINDOWS\SYSTEM32\tvvwa.bak2
2006-11-08 01:06 697,497 ---hs---- C:\WINDOWS\SYSTEM32\tvvwa.ini2
2006-11-08 00:47 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-11-08 00:45 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-11-08 00:45 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-11-08 00:45 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-11-08 00:45 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-11-08 00:45 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-11-08 00:42 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2006-11-08 00:42 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2006-11-08 00:42 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2006-11-08 00:42 18,200 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2006-11-08 00:42 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2006-11-08 00:42 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2006-11-08 00:07 45,056 --a------ C:\WINDOWS\octeltpop.exe
2006-11-07 23:14 12,319,320 --a------ C:\installactivescan.exe
2006-11-07 21:50 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-07 21:39 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2006-11-07 21:38 722,009 ---hs---- C:\WINDOWS\SYSTEM32\tvvwa.bak1
2006-11-07 21:38 692,276 --a------ C:\WINDOWS\SYSTEM32\awvvt.dll
2006-11-07 21:38 110,612 --a------ C:\WINDOWS\SYSTEM32\hendsukf.exe
2006-11-07 21:37 65,536 --a------ C:\WINDOWS\eltonehour.exe
2006-11-07 21:37 36,864 --a------ C:\WINDOWS\unstall.exe
2006-11-07 21:36 6,469,352 --a------ C:\avgas-setup-7.5.0.50.exe
2006-11-07 21:33 40,973 ---hs---- C:\WINDOWS\SYSTEM32\byxyyxw.dll
2006-11-07 20:27 2,855,080 --a------ C:\aawsepersonal.exe
2006-11-07 19:54 626,960 -ra------ C:\WINDOWS\SYSTEM32\hpvaut32.dll
2006-11-07 19:54 487,424 -ra------ C:\WINDOWS\SYSTEM32\hpvcp70.dll
2006-11-07 19:54 44,544 -ra------ C:\WINDOWS\SYSTEM32\MSXML4a.dll
2006-11-07 19:54 344,064 -ra------ C:\WINDOWS\SYSTEM32\hpvcr70.dll
2006-11-07 19:53 82,380 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS
2006-11-07 19:46 94,208 -ra------ C:\WINDOWS\SYSTEM32\HPZipt12.dll
2006-11-07 19:46 65,795 -ra------ C:\WINDOWS\SYSTEM32\HPZipm12.exe
2006-11-07 19:46 61,699 -ra------ C:\WINDOWS\SYSTEM32\HPZinw12.exe
2006-11-07 19:46 57,344 -ra------ C:\WINDOWS\SYSTEM32\HPZisn12.dll
2006-11-07 19:46 51,056 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
2006-11-07 19:46 266,296 -ra------ C:\WINDOWS\SYSTEM32\HPZidr12.dll
2006-11-07 19:46 196,608 -ra------ C:\WINDOWS\SYSTEM32\HPZipr12.dll
2006-11-07 19:46 16,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2006-11-07 19:45 21,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
2006-11-07 19:45 198,424 --a------ C:\WINDOWS\SYSTEM32\iuengine.dll
2006-11-07 19:03 47,104 --a------ C:\ATF-Cleaner.exe
2006-11-06 21:03 167,936 --a------ C:\WINDOWS\ms064277-46488.exe
2006-11-06 20:17 4,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
2006-11-06 20:17 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-11-06 20:17 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-11-06 20:17 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-11-06 20:17 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
2006-11-06 20:16 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-11-06 20:13 23,014,856 --a------ C:\avg75avwt_431a836.exe
2006-11-04 13:12 126,996 --a------ C:\WINDOWS\SYSTEM32\ncxvqkao.dll
2006-11-02 11:27 49,428 --a------ C:\WINDOWS\SYSTEM32\fujieber.dll
2006-10-28 23:13 96,256 --a------ C:\WINDOWS\SYSTEM32\durvil1.exe
2006-10-28 23:13 96,256 --a------ C:\WINDOWS\SYSTEM32\druid1.exe
2006-10-27 09:48 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2006-10-27 09:48 315,392 --a------ C:\WINDOWS\SYSTEM32\rlls.dll
2006-10-27 09:37 187,495 --a------ C:\WINDOWS\Setup99.exe
2006-10-27 02:54 1,259 --a------ C:\WINDOWS\SYSTEM32\kng67870.sys
2006-10-27 02:53 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-27 02:53 172,124 --a------ C:\WINDOWS\SYSTEM32\rwinppem.exe
2006-10-27 02:53 1,115 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-10-27 02:48 2 --a------ C:\WINDOWS\SYSTEM32\wtssvsu.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-08 14:53 -------- d-------- C:\Program Files\Common Files
2006-11-08 13:15 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-08 13:13 -------- d-------- C:\Program Files\Google
2006-11-08 13:13 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\Google
2006-11-08 13:12 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\PC Tools
2006-11-08 13:07 7372 --a------ C:\Program Files\hijackthis save file.txt
2006-11-08 13:01 -------- d-------- C:\Program Files\SpywareDetector
2006-11-08 12:33 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\AVG7
2006-11-08 02:57 -------- d-------- C:\Program Files\NoAdware4
2006-11-08 00:42 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-08 00:12 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 00:10 -------- d-------- C:\Program Files\AlienGUIse
2006-11-07 22:59 -------- d-------- C:\Program Files\VSAdd-in
2006-11-07 21:50 -------- d-------- C:\Program Files\Grisoft
2006-11-07 21:39 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\SearchToolbarCorp
2006-11-07 20:28 -------- d-------- C:\Program Files\Lavasoft
2006-11-07 20:28 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\Lavasoft
2006-11-07 19:54 -------- d---s---- C:\Documents and Settings\Lauren Merritt\Application Data\Microsoft
2006-11-07 19:54 -------- d-------- C:\Program Files\HP
2006-11-07 19:54 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-06 20:18 45811 --ahs---- C:\Documents and Settings\Lauren Merritt\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.rul
2006-11-06 20:18 12609 --ahs---- C:\Documents and Settings\Lauren Merritt\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.sta
2006-10-29 00:48 -------- d-------- C:\Program Files\Adobe
2006-10-27 09:46 -------- d-------- C:\Program Files\Common Files\ofwi
2006-10-27 02:53 -------- d-------- C:\Program Files\em
2006-10-01 00:32 -------- d-------- C:\Program Files\World of Warcraft
2006-09-21 16:42 618328 --a------ C:\WINDOWS\SYSTEM32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ms064277-46488"="C:\\WINDOWS\\ms064277-46488.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\\hphupd05.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"startemdoit"="C:\\WINDOWS\\eltonehour.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"1pop06apelt3"="C:\\WINDOWS\\octeltpop.exe"
"SystemTraySD"="C:\\Program Files\\SpywareDetector\\SDSystemTray.exe"
"SDAutoLiveupdate"="C:\\Program Files\\SpywareDetector\\LiveUpdateSD.exe -AUTO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ContinueOneCareInstall"="rundll32 C:\\WINDOWS\\system32\\winsswebagent.dll,LaunchIEAfterReboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e1,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expmfc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 06-11-08 14:56:24.17
C:\ComboFix.txt ... 06-11-08 14:56

Here's the info you requested from ComboFix, and thanks for helping me, Sam!

#4 Keendrae (Topic Starter, New Member, 7 posts)

Also I have downloaded avg 7.5 trial version and avg anti-spyware...will those conflict?

#5 Buckeye_Sam (Malware Expert, 10,019 posts)


Also I have downloaded avg 7.5 trial version and avg anti-spyware...will those conflict?

I certainly hope not. They are from the same company. :whistling:
They should get along just fine.



Please open up AVG Anti-Spyware
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

You may want to print out these instructions as the rest of this fix will take place in Safe Mode.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (in case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.
IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete, do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware scan report along with a new HijackThis log.


==============


Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /v awvvt

When it's done running it will produce a log for you. Please post that log in your next reply.

#6 Keendrae (Topic Starter, New Member, 7 posts)

:whistling: I am having trouble loading in safe mode :blink:

I have hit the F8 button and turned it on, but I am getting stalled in a DOS setting or in the user screen at the beginning.

Edited by Keendrae, 08 November 2006 - 10:29 PM.


#7 Buckeye_Sam (Malware Expert, 10,019 posts)

Ok, just follow the same steps in normal mode.

#8 Keendrae (Topic Starter, New Member, 7 posts)

I thought you wanted me to post a new log... not reply. Sorry :whistling:
Thanks for helping me!


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:01:55 PM 11/7/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\offun.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\temp.fr4BF5 -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP558\A0519641.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDoctor 2006 Free -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\USDR6cw -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dc6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SystemDoctor 2006 Free -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\Activate.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\Activate.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\DataBase.sav -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\License.rtf -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\ReportListFile.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\SafeMedia -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\SafeMedia\Mp3DB -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\SafeMedia\MpegDB -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\SafeMedia\WaveDB -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\Sd2006.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\atl71.dll -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\bnlink.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\dcmon.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\err.log -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\hmlink.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\insthelp.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\lapv.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\lock.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\mfc71.dll -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\msvcp71.dll -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\msvcr71.dll -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\order.dll -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\pasmon.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\pv.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\readme.rtf -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\sd2006url.url -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\sdr.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\sr.log -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\st.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\support.url -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\umain.xml -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\unins000.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\unins000.exe -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\up.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Program Files\SystemDoctor 2006 Free\updater.dat -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\temp.frF885\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\temp.frF885\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP558\A0519642.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP558\A0519643.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\USDR6_0001_D19M2108\installer.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temporary Internet Files\Content.IE5\BFLJR1CW\3138302D2D2D[1].exe -> Downloader.Adload.bl : Cleaned with backup (quarantined).
C:\WINDOWS\ab_01.exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\WINDOWS\ab_02.exe -> Downloader.Agent.bai : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\Common Files\ofwi\ofwid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temporary Internet Files\Content.IE5\BFLJR1CW\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temporary Internet Files\Content.IE5\AI1C5YFT\ErrorSafeNewReleaseInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Local Settings\Temp\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\Program Files\Radmin\AdmDll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP558\A0527676.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Lauren Merritt\Cookies\lauren [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP558\A0527677.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
  • 0

#9
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Did you complete this step?

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /v awvvt

When it's done running it will produce a log for you. Please post that log in your next reply.

Please post a new hijackthis log also.
  • 0

#10
Keendrae

    New Member

  • Topic Starter
  • Member
  • 7 posts
Must have missed that one, here it is!

Lauren Merritt - 06-11-11 20:06:33.93 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Lauren Merritt\desktop"
Command switches used :: /v awvvt

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1\597.tmp
C:\QooBox\Purity\Documents and Settings\Lauren Merritt\My Documents\MBOLS~1\n?lookup_exe.vir
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET\CROSOF~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-09 12:16 53,248 --a------ C:\WINDOWS\SYSTEM32\helper1.dll
2006-11-09 10:59 53,248 --a------ C:\WINDOWS\SYSTEM32\helper.dll
2006-11-08 14:30 277,182 --a------ C:\combofix.exe
2006-11-08 13:12 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2006-11-08 13:12 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2006-11-08 13:11 8,598,632 --a------ C:\sdsetupspyware.exe
2006-11-08 13:01 991,232 --a------ C:\WINDOWS\SYSTEM32\VchReg.dll
2006-11-08 13:01 50,904 --a------ C:\WINDOWS\SYSTEM32\CloseAll.exe
2006-11-08 13:01 249,856 --a------ C:\WINDOWS\SYSTEM32\CheckDll.dll
2006-11-08 12:59 5,221,952 --a------ C:\spywaredetectorbiz.exe
2006-11-08 12:38 218,112 --a------ C:\HijackThis.exe
2006-11-08 03:13 1,321,432 --a------ C:\noadware.exe
2006-11-08 00:47 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-11-08 00:45 7,680 --a------ C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-11-08 00:45 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-11-08 00:45 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-11-08 00:45 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-11-08 00:45 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-11-08 00:42 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2006-11-08 00:42 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2006-11-08 00:42 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2006-11-08 00:42 18,200 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2006-11-08 00:42 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2006-11-08 00:42 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2006-11-08 00:07 45,056 --a------ C:\WINDOWS\octeltpop.exe
2006-11-07 23:14 12,319,320 --a------ C:\installactivescan.exe
2006-11-07 21:50 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-07 21:39 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2006-11-07 21:37 65,536 --a------ C:\WINDOWS\eltonehour.exe
2006-11-07 21:37 36,864 --a------ C:\WINDOWS\unstall.exe
2006-11-07 21:36 6,469,352 --a------ C:\avgas-setup-7.5.0.50.exe
2006-11-07 21:33 40,973 --ahs---- C:\WINDOWS\SYSTEM32\byxyyxw.dll
2006-11-07 20:27 2,855,080 --a------ C:\aawsepersonal.exe
2006-11-07 19:54 626,960 -ra------ C:\WINDOWS\SYSTEM32\hpvaut32.dll
2006-11-07 19:54 487,424 -ra------ C:\WINDOWS\SYSTEM32\hpvcp70.dll
2006-11-07 19:54 44,544 -ra------ C:\WINDOWS\SYSTEM32\MSXML4a.dll
2006-11-07 19:54 344,064 -ra------ C:\WINDOWS\SYSTEM32\hpvcr70.dll
2006-11-07 19:53 82,380 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS
2006-11-07 19:46 94,208 -ra------ C:\WINDOWS\SYSTEM32\HPZipt12.dll
2006-11-07 19:46 65,795 -ra------ C:\WINDOWS\SYSTEM32\HPZipm12.exe
2006-11-07 19:46 61,699 -ra------ C:\WINDOWS\SYSTEM32\HPZinw12.exe
2006-11-07 19:46 57,344 -ra------ C:\WINDOWS\SYSTEM32\HPZisn12.dll
2006-11-07 19:46 51,056 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
2006-11-07 19:46 266,296 -ra------ C:\WINDOWS\SYSTEM32\HPZidr12.dll
2006-11-07 19:46 196,608 -ra------ C:\WINDOWS\SYSTEM32\HPZipr12.dll
2006-11-07 19:46 16,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2006-11-07 19:45 21,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
2006-11-07 19:45 198,424 --a------ C:\WINDOWS\SYSTEM32\iuengine.dll
2006-11-07 19:03 47,104 --a------ C:\ATF-Cleaner.exe
2006-11-06 21:03 167,936 --a------ C:\WINDOWS\ms064277-46488.exe
2006-11-06 20:17 4,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
2006-11-06 20:17 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-11-06 20:17 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2006-11-06 20:17 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-11-06 20:17 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
2006-11-06 20:16 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-11-06 20:13 23,014,856 --a------ C:\avg75avwt_431a836.exe
2006-11-04 13:12 126,996 --a------ C:\WINDOWS\SYSTEM32\ncxvqkao.dll
2006-11-02 11:27 49,428 --a------ C:\WINDOWS\SYSTEM32\fujieber.dll
2006-10-28 23:13 96,256 --a------ C:\WINDOWS\SYSTEM32\durvil1.exe
2006-10-28 23:13 96,256 --a------ C:\WINDOWS\SYSTEM32\druid1.exe
2006-10-27 09:48 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2006-10-27 09:48 315,392 --a------ C:\WINDOWS\SYSTEM32\rlls.dll
2006-10-27 09:37 187,495 --a------ C:\WINDOWS\Setup99.exe
2006-10-27 02:54 1,259 --a------ C:\WINDOWS\SYSTEM32\kng67870.sys
2006-10-27 02:53 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-27 02:53 172,124 --a------ C:\WINDOWS\SYSTEM32\rwinppem.exe
2006-10-27 02:53 1,115 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-10-27 02:48 2 --a------ C:\WINDOWS\SYSTEM32\wtssvsu.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 20:11 -------- d-------- C:\Program Files\SpywareDetector
2006-11-11 08:00 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\AVG7
2006-11-10 19:39 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-10 08:30 -------- d-------- C:\Program Files\webHancer
2006-11-09 13:06 -------- d-------- C:\Program Files\World of Warcraft
2006-11-08 19:52 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\Google
2006-11-08 14:53 -------- d-------- C:\Program Files\Common Files
2006-11-08 13:13 -------- d-------- C:\Program Files\Google
2006-11-08 13:12 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\PC Tools
2006-11-08 13:07 7372 --a------ C:\Program Files\hijackthis save file.txt
2006-11-08 02:57 -------- d-------- C:\Program Files\NoAdware4
2006-11-08 00:42 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-08 00:12 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 00:10 -------- d-------- C:\Program Files\AlienGUIse
2006-11-07 22:59 -------- d-------- C:\Program Files\VSAdd-in
2006-11-07 21:50 -------- d-------- C:\Program Files\Grisoft
2006-11-07 21:39 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\SearchToolbarCorp
2006-11-07 20:28 -------- d-------- C:\Program Files\Lavasoft
2006-11-07 20:28 -------- d-------- C:\Documents and Settings\Lauren Merritt\Application Data\Lavasoft
2006-11-07 19:54 -------- d---s---- C:\Documents and Settings\Lauren Merritt\Application Data\Microsoft
2006-11-07 19:54 -------- d-------- C:\Program Files\HP
2006-11-07 19:54 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-06 20:18 45811 --ahs---- C:\Documents and Settings\Lauren Merritt\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.rul
2006-11-06 20:18 12609 --ahs---- C:\Documents and Settings\Lauren Merritt\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.sta
2006-10-29 00:48 -------- d-------- C:\Program Files\Adobe
2006-10-27 09:46 -------- d-------- C:\Program Files\Common Files\ofwi
2006-10-27 02:53 -------- d-------- C:\Program Files\em
2006-09-21 16:42 618328 --a------ C:\WINDOWS\SYSTEM32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ms064277-46488"="C:\\WINDOWS\\ms064277-46488.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\\hphupd05.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"startemdoit"="C:\\WINDOWS\\eltonehour.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"1pop06apelt3"="C:\\WINDOWS\\octeltpop.exe"
"SystemTraySD"="C:\\Program Files\\SpywareDetector\\SDSystemTray.exe"
"SDAutoLiveupdate"="C:\\Program Files\\SpywareDetector\\LiveUpdateSD.exe -AUTO"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e1,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 06-11-11 20:12:11.50
C:\ComboFix.txt ... 06-11-11 20:12
C:\ComboFix2.txt ... 06-11-08 14:56
  • 0

#11
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Delete these files.

C:\WINDOWS\eltonehour.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\ms064277-46488.exe
C:\WINDOWS\SYSTEM32\ncxvqkao.dll
C:\WINDOWS\SYSTEM32\fujieber.dll
C:\WINDOWS\SYSTEM32\durvil1.exe
C:\WINDOWS\SYSTEM32\druid1.exe
C:\WINDOWS\SYSTEM32\rlls.dll
C:\WINDOWS\Setup99.exe
C:\WINDOWS\SYSTEM32\kng67870.sys
C:\WINDOWS\Setup90.exe
C:\WINDOWS\SYSTEM32\rwinppem.exe
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\WINDOWS\SYSTEM32\wtssvsu.exe

Delete these folders.

C:\Program Files\webHancer
C:\Program Files\VSAdd-in
C:\Program Files\Common Files\ofwi

==============

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0
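Buckeye_Sam's delete list above is drawn from the "Files Created" and "Reg Loading Points" sections of the ComboFix log in the previous post. As an added example, not code from this thread, from ComboFix or from Geeks to Go, the following Python script parses those two sections and applies a few analyst heuristics of the kind used to pick those entries: hidden+system attributes on a freshly created file under C:\WINDOWS, a .sys/.exe/.dll far too small to be a valid PE image, a new executable sitting directly in the Windows root, and a cross-reference against Run-key autostart values. The 2048-byte size cut-off, the attribute-letter check and the sample lines (copied from the log above into constructed strings) are this example's own assumptions, and a hit means "review this file", not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the "Files Created" section of the
# ComboFix log above (format: date time size attributes path).
SAMPLE_FILES_CREATED = r"""
2006-11-08 14:30 277,182 --a------ C:\combofix.exe
2006-11-07 21:50 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-07 21:37 65,536 --a------ C:\WINDOWS\eltonehour.exe
2006-11-07 21:33 40,973 --ahs---- C:\WINDOWS\SYSTEM32\byxyyxw.dll
2006-11-07 19:46 94,208 -ra------ C:\WINDOWS\SYSTEM32\HPZipt12.dll
2006-10-27 02:54 1,259 --a------ C:\WINDOWS\SYSTEM32\kng67870.sys
2006-10-27 02:48 2 --a------ C:\WINDOWS\SYSTEM32\wtssvsu.exe
"""

# Constructed sample: Run-key values copied from the "Reg Loading Points"
# section of the same log (.reg escaping: \\ for a backslash, \" for a quote).
SAMPLE_RUN_KEYS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"startemdoit"="C:\\WINDOWS\\eltonehour.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) (\S{9}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="(.*)"$')
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)

WINDOWS_ROOT = "c:\\windows\\"
TINY_IMAGE_BYTES = 2048          # assumed cut-off: no working driver or program is this small
CODE_EXTENSIONS = ("exe", "dll", "sys")


@dataclass
class Finding:
    path: str
    reasons: List[str]


def parse_files_created(text: str) -> List[dict]:
    """Turn 'date time size attrs path' lines into dicts; directory lines (size '--------') are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            date, _time, size, attrs, path = m.groups()
            entries.append({"date": date, "size": int(size.replace(",", "")),
                            "attrs": attrs, "path": path})
    return entries


def parse_autorun_paths(text: str) -> Dict[str, str]:
    """Map lower-cased executable path -> Run value name for every Run-key value that names a full path."""
    autoruns: Dict[str, str] = {}
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        value = raw.replace(r'\"', '"').replace(r'\\', '\\')   # undo .reg escaping
        pm = PATH_RE.search(value)
        if pm:
            autoruns[pm.group(0).lower()] = name
    return autoruns


def triage(entries: List[dict], autoruns: Dict[str, str]) -> List[Finding]:
    """Apply the review heuristics (assumptions of this example) and return the files worth a second look."""
    findings = []
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        is_code = ext in CODE_EXTENSIONS
        reasons = []
        # 'h' and 's' in the attribute field are assumed to mean hidden and system.
        if path.startswith(WINDOWS_ROOT) and "h" in e["attrs"] and "s" in e["attrs"]:
            reasons.append("hidden+system attributes on a file newly created under C:\\WINDOWS")
        if is_code and e["size"] <= TINY_IMAGE_BYTES:
            reasons.append(f".{ext} of only {e['size']} bytes is too small to be a valid PE image")
        if is_code and path.startswith(WINDOWS_ROOT) and "\\" not in path[len(WINDOWS_ROOT):]:
            reasons.append("new executable placed directly in the Windows root directory")
        if path in autoruns:
            reasons.append(f'launched at logon through Run value "{autoruns[path]}"')
        if reasons:
            findings.append(Finding(e["path"], reasons))
    return findings


def run_triage(files_text: str = SAMPLE_FILES_CREATED,
               run_text: str = SAMPLE_RUN_KEYS) -> List[Finding]:
    return triage(parse_files_created(files_text), parse_autorun_paths(run_text))


if __name__ == "__main__":
    for finding in run_triage():
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

On the sample above the script flags eltonehour.exe (Windows root plus a Run entry), byxyyxw.dll (hidden+system), and the two tiny "drivers/executables" kng67870.sys and wtssvsu.exe, while leaving combofix.exe, the AVG driver and the HP printer DLL alone. Feeding it the full log rather than the excerpt is a matter of pasting the two sections into the constants; the real analyst step remains checking each hit's publisher and origin before deleting anything.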

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0