Various Trojans And Malware, Wont Go Away!


  • This topic is locked
17 replies to this topic

#1 binx1310

binx1310

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 04 December 2006 - 02:24 PM

However often I try to clean with AVG Anti-Virus and Anti-Spyware, Spybot etc., all run in Safe Mode with System Restore switched off, they still keep coming back.

When I last scanned I ran all I had. Spybot and Ad-Aware came up with only tracking cookies.

AVG AV found:
Wlzip32[1].exe Trojan horse Downloader.Agent.HDK
win166.tmp Trojan horse Downloader.Agent.HDK
Yazzle11620inAdmin.exe Trojan horse Downloader.Generic2.TUJ

AVG AS found:
Downloader.PurityScan.dc
Downloader.Agent.bca
Trojan.Agent.vg

Stinger found nothing.


All of the above were supposedly healed, but the same symptoms keep reappearing.
I have a small flashing bomb in the status bar telling me I have infections, and when I open Internet Explorer I get a pop-up trying to get me to do a free scan. I presume this is the virus/trojan.

HijackThis log as follows:

Logfile of HijackThis v1.99.1
Scan saved at 19:20:45, on 04/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{2437126D-0898-1033-1130-05011305002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.ask4.com/tv/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

All help is gratefully received.

Cheers

Will


#2 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 04 December 2006 - 04:21 PM

Also, I just found that it won't let me boot in Safe Mode.
It just hangs on a black screen with the normal Safe Mode text round the edge.
When manually trying to run explorer.exe using Task Manager it sometimes loads, sometimes not, but then it goes again. You see the desktop for about 2 seconds, then it goes away again.

will

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 01:26 PM

Hello,

BEFORE BEGINNING, please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor) and save them for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.
Safe Mode should work afterwards, after running VundoFix first...

Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg (choose to save as *All Files) and place it on your desktop.
Double-click on it and, when it asks whether you want to merge the contents into the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

I see you already used smitRem before; however, that was a very old version, so delete any smitRem downloads you already have and download the next version:
* Download Smitrem.exe and save the file to your desktop.
Double-click it and choose Install. This will create a new folder on your desktop with the name smitrem.

* Reboot into Safe Mode (without networking support!):
To get into Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized <== it's a bad idea to let P2P programs start up with Windows.
O18 - Filter: text/html - (no CLSID) - (no file)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following folder and delete it if still present:

C:\Program Files\Common Files\{2437126D-0898-1033-1130-05011305002c} <== folder

* Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Reboot back into Windows normal mode.

Post a new HijackThis log and the contents of smitfiles.txt, which is present on your home drive (C:\ in most cases), and the contents of C:\Vundofix.txt in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 05 December 2006 - 02:33 PM

Smit files:


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 05/12/2006
The current time is: 19:11:51.21

Running from
C:\Documents and Settings\William Durrant\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"D:\\Applications\\Morpheus installed to\\Morpheus Ultra\\Morpheus.exe"="D:\\Applications\\Morpheus installed to\\Morpheus Ultra\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
ixt*.dll
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 768 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :thumbsup:


HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 19:29:18, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {041425A9-E267-BBA5-A836-039A659B08FC} - C:\WINDOWS\system32\xyeicxb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0C858766-7D94-25CC-7392-072284CA6772} - C:\WINDOWS\system32\dabyime.dll
O2 - BHO: (no name) - {1F1942A9-BE12-CCC2-8CAF-080E393257FC} - C:\WINDOWS\system32\cjlpwkf.dll
O2 - BHO: (no name) - {2501D0BD-5628-3180-587B-0386D666EC26} - C:\WINDOWS\system32\drfwbvk.dll
O2 - BHO: (no name) - {31358CFA-E65E-058B-4373-0A816F54BA8D} - C:\WINDOWS\system32\vkmspbi.dll
O2 - BHO: (no name) - {3A8C993A-DD20-2BDE-103C-0BEA119B75A9} - C:\WINDOWS\system32\spknedl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {56F51BFB-7315-7DEC-714A-02FDDF87298A} - C:\WINDOWS\system32\rxoxghd.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {68A59F17-3AE6-325C-69CB-02616E0C25CA} - C:\WINDOWS\system32\htgvzbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {C447FAC1-0D7B-4DA1-BF7D-762EBA448F42} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\ssqpmjg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iFolder] "C:\Program Files\iFolder\iFolderApp.exe" -checkautorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lwwmbon.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lwwmbon.dll,ritsagd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ssqpmjg - C:\WINDOWS\SYSTEM32\ssqpmjg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

will

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 02:48 PM

Hello,

You forgot to post the log from VundoFix. But no need to post it now, since we have to give it another run.
Looks like a lot of bad entries became visible in your HijackThis log now.

I have some remarks first, though. I see you have Kazaa and Morpheus installed. I do NOT recommend either of them, because they are bundled with spyware.
There are better and safer alternatives here:
http://p2p.malwareremoval.com/ (there you'll also find which ones NOT to install, since they are infected)
That's why I recommend you uninstall Morpheus and Kazaa.

Also perform next:

Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kazaa\\kazaa.exe"=-
"D:\\Applications\\Morpheus installed to\\Morpheus Ultra\\Morpheus.exe"=-

Save this as fix.reg (choose to save as *All Files) and place it on your desktop.
Double-click on it and, when it asks whether you want to merge the contents into the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Read the next instructions very carefully, because the steps to run VundoFix are a little bit different from the first time; I added some extra instructions:
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
  • Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
  • In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\ssqpmjg.dll
  • Click the “Add Files” button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: (no name) - {041425A9-E267-BBA5-A836-039A659B08FC} - C:\WINDOWS\system32\xyeicxb.dll
O2 - BHO: (no name) - {0C858766-7D94-25CC-7392-072284CA6772} - C:\WINDOWS\system32\dabyime.dll
O2 - BHO: (no name) - {1F1942A9-BE12-CCC2-8CAF-080E393257FC} - C:\WINDOWS\system32\cjlpwkf.dll
O2 - BHO: (no name) - {2501D0BD-5628-3180-587B-0386D666EC26} - C:\WINDOWS\system32\drfwbvk.dll
O2 - BHO: (no name) - {31358CFA-E65E-058B-4373-0A816F54BA8D} - C:\WINDOWS\system32\vkmspbi.dll
O2 - BHO: (no name) - {3A8C993A-DD20-2BDE-103C-0BEA119B75A9} - C:\WINDOWS\system32\spknedl.dll
O2 - BHO: (no name) - {56F51BFB-7315-7DEC-714A-02FDDF87298A} - C:\WINDOWS\system32\rxoxghd.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {68A59F17-3AE6-325C-69CB-02616E0C25CA} - C:\WINDOWS\system32\htgvzbd.dll
O2 - BHO: (no name) - {C447FAC1-0D7B-4DA1-BF7D-762EBA448F42} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\ssqpmjg.dll
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [lwwmbon.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lwwmbon.dll,ritsagd
O20 - Winlogon Notify: ssqpmjg - C:\WINDOWS\SYSTEM32\ssqpmjg.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from VundoFix (C:\vundofix.txt).

You may need several replies to post the logs, since they won't fit in one reply.

#6 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • Local time:06:25 PM

Posted 05 December 2006 - 02:55 PM

I don't want to remove Morpheus. The only thing it is bundled with is the toolbar, which I did not install.
Do I proceed as you said above?

Will

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 03:09 PM

If you choose to keep Morpheus, that's your choice of course.

In that case, leave this line out of the fix.reg I asked you to create:

"D:\\Applications\\Morpheus installed to\\Morpheus Ultra\\Morpheus.exe"=-

Then proceed with next steps :thumbsup:

#8 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • Local time:06:25 PM

Posted 05 December 2006 - 03:17 PM

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 20:04:51, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.ask4.com/tv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iFolder] "C:\Program Files\iFolder\iFolderApp.exe" -checkautorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

vundo:


VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 18:47:37 05/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\hhtkytf.dll
C:\WINDOWS\system32\iarvash.dll
C:\WINDOWS\system32\lwwmbon.dll
C:\WINDOWS\system32\oipwhzm.dll
C:\WINDOWS\system32\oovsokb.dll
C:\WINDOWS\system32\rqtlrci.dll
C:\WINDOWS\system32\tquwync.dll
C:\WINDOWS\system32\winjvd32.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hhtkytf.dll
C:\WINDOWS\system32\hhtkytf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iarvash.dll
C:\WINDOWS\system32\iarvash.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lwwmbon.dll
C:\WINDOWS\system32\lwwmbon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oipwhzm.dll
C:\WINDOWS\system32\oipwhzm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oovsokb.dll
C:\WINDOWS\system32\oovsokb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtlrci.dll
C:\WINDOWS\system32\rqtlrci.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tquwync.dll
C:\WINDOWS\system32\tquwync.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winjvd32.dll
C:\WINDOWS\system32\winjvd32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 19:54:56 05/12/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ssqpmjg.dll
C:\WINDOWS\SYSTEM32\ssqpmjg.dll Has been deleted!

Performing Repairs to the registry.
Done!


combo fix:

William Durrant - 06-12-05 20:08:28.64 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\William Durrant\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3437126D-0898-1033-1130-05011305002c}


((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


2006-12-05 19:22 <DIR> d-------- C:\WINDOWS\temp
2006-12-05 18:56 274,484 ---hs---- C:\WINDOWS\system32\ssqpn.dll
2006-12-05 18:47 <DIR> d-------- C:\VundoFix Backups
2006-12-05 18:25 71,168 --a------ C:\WINDOWS\system32\htgvzbd.dll
2006-12-05 18:23 40,973 ---hs---- C:\WINDOWS\system32\rqrssst.dll
2006-12-04 21:12 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-04 20:49 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\MSNInstaller
2006-12-04 18:42 <DIR> d-------- C:\Program Files\HijackThis
2006-12-04 16:49 93,696 --a------ C:\WINDOWS\system32\qsplyai.dll
2006-12-04 16:49 72,704 --a------ C:\WINDOWS\system32\drvvac.dll
2006-12-04 16:49 71,168 --a------ C:\WINDOWS\system32\spknedl.dll
2006-12-04 16:47 40,973 ---hs---- C:\WINDOWS\system32\opnklkl.dll
2006-12-03 19:41 72,704 --a------ C:\WINDOWS\system32\drvzub.dll
2006-12-03 19:41 71,168 --a------ C:\WINDOWS\system32\rxoxghd.dll
2006-12-03 19:41 40,973 ---hs---- C:\WINDOWS\system32\tuvwvvv.dll
2006-12-03 14:16 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2006-12-03 13:55 72,704 --a------ C:\WINDOWS\system32\drvxut.dll
2006-12-03 13:55 71,168 --a------ C:\WINDOWS\system32\cjlpwkf.dll
2006-12-03 13:55 40,973 ---hs---- C:\WINDOWS\system32\fccyawu.dll
2006-12-03 12:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-03 12:15 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2006-12-03 10:10 71,680 --a------ C:\WINDOWS\system32\xyeicxb.dll
2006-12-02 10:51 72,704 --a------ C:\WINDOWS\system32\drvwof.dll
2006-12-02 10:51 40,973 ---hs---- C:\WINDOWS\system32\iifcaxv.dll
2006-12-01 23:27 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-01 23:25 71,168 --a------ C:\WINDOWS\system32\vkmspbi.dll
2006-12-01 23:25 40,973 ---hs---- C:\WINDOWS\system32\wvuturs.dll
2006-12-01 20:51 72,704 --a------ C:\WINDOWS\system32\drvxoj.dll
2006-12-01 20:51 40,973 ---hs---- C:\WINDOWS\system32\nnnonlk.dll
2006-12-01 20:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-01 20:20 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-01 20:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-01 20:20 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-01 20:06 71,680 --a------ C:\WINDOWS\system32\dabyime.dll
2006-12-01 20:06 40,973 ---hs---- C:\WINDOWS\system32\tuvtspo.dll
2006-12-01 17:26 72,704 --a------ C:\WINDOWS\system32\drvbom.dll
2006-12-01 17:26 71,680 --a------ C:\WINDOWS\system32\drfwbvk.dll
2006-12-01 12:34 <DIR> d-------- C:\Temp
2006-11-30 00:15 <DIR> d-------- C:\Buziol Games
2006-11-23 20:19 <DIR> d-------- C:\Program Files\iTunes
2006-11-23 20:19 <DIR> d-------- C:\Program Files\iPod
2006-11-23 20:19 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Apple Computer
2006-11-23 20:18 <DIR> d-------- C:\Program Files\QuickTime
2006-11-23 20:09 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-22 17:56 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Help
2006-11-19 00:47 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Samsung
2006-11-17 11:29 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-17 11:29 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-16 21:40 <DIR> d-------- C:\Program Files\PartyGaming
2006-11-16 16:07 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Talkback
2006-11-16 16:06 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-13 12:11 <DIR> d-------- C:\Program Files\Skype
2006-11-13 12:11 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Skype
2006-11-13 12:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-11-13 12:09 <DIR> d-------- C:\Program Files\ToFine
2006-11-13 12:08 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-05 20:09 -------- d-------- C:\Program Files\Common Files
2006-12-05 20:07 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-04 20:49 -------- d-------- C:\Program Files\MSN
2006-12-04 14:27 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Adobe
2006-12-03 19:17 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\AVG7
2006-12-03 17:54 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-12-03 12:55 -------- d-------- C:\Program Files\Grisoft
2006-12-01 23:25 -------- d-------- C:\Program Files\AnfyTeam
2006-11-23 19:21 65952 --a------ C:\Documents and Settings\William Durrant\Application Data\GDIPFONTCACHEV1.DAT
2006-11-23 19:16 -------- d---s---- C:\Documents and Settings\William Durrant\Application Data\Microsoft
2006-11-20 21:10 -------- d-------- C:\Program Files\Adobe
2006-11-20 21:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-17 16:27 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Morpheus Ultra
2006-11-17 11:29 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-17 11:29 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-17 11:29 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-17 11:29 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-13 12:19 50137 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-11-13 12:19 2232 --a------ C:\Documents and Settings\William Durrant\Application Data\HPSU_48BitScanUpdate.log
2006-11-13 12:15 2577 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-11-13 12:09 3861 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_IZClosingDiscError.log
2006-11-13 12:09 2986 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_InstantShareJPG.log
2006-11-13 12:08 46112 --a------ C:\Documents and Settings\William Durrant\Application Data\Update_HP_RedboxHprblog_HPSU.log
2006-11-13 12:06 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2006-11-01 23:14 -------- d-------- C:\Program Files\Windows Media Player
2006-11-01 23:14 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-01 12:21 -------- d-------- C:\Program Files\Common Files\snp2std
2006-10-31 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-10-28 16:39 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Morpheus
2006-10-26 18:11 -------- d-------- C:\Program Files\Java
2006-10-26 11:44 -------- d-------- C:\Program Files\MorpheusBar
2006-10-26 11:44 -------- d-------- C:\Program Files\Morpheus
2006-10-25 19:39 -------- d-------- C:\Program Files\CyberLink
2006-10-21 15:34 -------- d-------- C:\Program Files\Morpheus Ultra
2006-10-21 11:39 98304 --a------ C:\WINDOWS\system32\qttask.exe
2006-10-21 11:36 -------- d-------- C:\Program Files\ACE Mega CoDecS Pack
2006-10-19 08:36 -------- d-------- C:\Program Files\Common Files\DirectX
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 14:17 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Macromedia
2006-10-18 14:16 -------- d-------- C:\Program Files\Macromedia
2006-10-18 14:16 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-10-18 13:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 12:12 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-07 19:51 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\HP
2006-10-04 17:36 10 --a------ C:\WINDOWS\smdat32m.sys
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-14 09:48 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-09-14 09:48 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-09-13 07:56 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-09-13 00:57 62 --ahs---- C:\Documents and Settings\William Durrant\Application Data\desktop.ini
2006-09-12 17:07 0 -rahs---- C:\MSDOS.SYS
2006-09-12 17:07 0 -rahs---- C:\IO.SYS
2006-09-12 17:07 0 --a------ C:\CONFIG.SYS
2006-09-12 17:07 0 --a------ C:\AUTOEXEC.BAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SiSRaid"="C:\\Program Files\\Silicon Integrated Systems\\SiSRaidPackage\\SRaid.exe"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"iFolder"="\"C:\\Program Files\\iFolder\\iFolderApp.exe\" -checkautorun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"FixCamera"="C:\\WINDOWS\\FixCamera.exe"
"tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"
"snp2std"="C:\\WINDOWS\\vsnp2std.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"ishost.exe"="ishost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-05 20:09:23.53
C:\ComboFix.txt ... 06-12-05 20:09


Cheers for all your help. Hopefully we are getting there.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 03:57 PM

Hello,

Yes, we are getting somewhere - your HijackThis log looks clean again, which means that the active infection is gone. However, you still have a lot of files to delete manually.
Some files/folders may be hidden, so perform the following first:

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to show all files unhide legitimate files and folders as well,
and I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in reverse.


Uninstall Ultimate Cleaner from Add/remove programs since this is an unwanted Tool: http://www.sophos.com/security/analyses/ultimatecleaner.html

Delete the following folders and files:

C:\WINDOWS\system32\ssqpn.dll
C:\VundoFix Backups <== folder
C:\WINDOWS\system32\htgvzbd.dll
C:\WINDOWS\system32\rqrssst.dll
C:\WINDOWS\system32\qsplyai.dll
C:\WINDOWS\system32\drvvac.dll
C:\WINDOWS\system32\spknedl.dll
C:\WINDOWS\system32\opnklkl.dll
C:\WINDOWS\system32\drvzub.dll
C:\WINDOWS\system32\rxoxghd.dll
C:\WINDOWS\system32\tuvwvvv.dll
C:\Program Files\Ultimate Cleaner <== folder
C:\WINDOWS\system32\drvxut.dll
C:\WINDOWS\system32\cjlpwkf.dll
C:\WINDOWS\system32\fccyawu.dll
C:\WINDOWS\system32\xyeicxb.dll
C:\WINDOWS\system32\drvwof.dll
C:\WINDOWS\system32\iifcaxv.dll
C:\WINDOWS\system32\vkmspbi.dll
C:\WINDOWS\system32\wvuturs.dll
C:\WINDOWS\system32\drvxoj.dll
C:\WINDOWS\system32\nnnonlk.dll
C:\WINDOWS\system32\dabyime.dll
C:\WINDOWS\system32\tuvtspo.dll
C:\WINDOWS\system32\drvbom.dll
C:\WINDOWS\system32\drfwbvk.dll
C:\WINDOWS\smdat32m.sys

Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"ishost.exe"=-

[-HKEY_CLASSES_ROOT\CLSID\{C671A733-A4AA-4B5F-8CEE-006242C457B5}]

Save this as fix2.reg (choose to save as *all files) and place it on your desktop.
It should look like this: [screenshot]
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Post a new ComboFix log in your next reply after performing the above instructions.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
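The fix2.reg file above works because regedit reads `"name"=-` as "delete this value" and `[-KEY]` as "delete this key (and its subkeys)", while a plain `[KEY]` section creates the key if it is missing. The block below is an added example, not code from this thread or from BleepingComputer: a small Python parser that lists the actions a REGEDIT4 fix file would perform, so a fix can be reviewed before it is merged. It embeds the fix2.reg text from this post as its input; the function names and the action labels are the example's own.

```python
import re

# Text of the fix2.reg posted above, embedded here as the example's input.
FIX2_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"ishost.exe"=-

[-HKEY_CLASSES_ROOT\CLSID\{C671A733-A4AA-4B5F-8CEE-006242C457B5}]
"""

# regedit refuses a .reg file that does not start with one of these headers.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# One value line: "name"=data  or  @=data  (@ is the key's default value).
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg_fix(text):
    """Return the list of actions regedit would take when merging `text`.

    Each action is a tuple (kind, key, value_name, data) with kind one of
    'ensure_key' (a [KEY] section creates the key if absent), 'delete_key'
    ([-KEY]), 'delete_value' ("name"=-) or 'set_value' ("name"=data).
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be REGEDIT4 or the Registry Editor 5.00 header")
    actions = []
    current_key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                actions.append(("delete_key", key[1:], None, None))
                current_key = None               # values cannot follow a [-KEY] section
            else:
                current_key = key
                actions.append(("ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m is None or current_key is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name = "@" if m.group(2) else m.group(1)
        data = m.group(3).strip()
        if data == "-":
            actions.append(("delete_value", current_key, name, None))
        else:
            actions.append(("set_value", current_key, name, data))
    return actions


def describe(actions):
    """Render each action as one readable line for review."""
    out = []
    for kind, key, name, data in actions:
        if kind == "ensure_key":
            out.append(f"open/create key  {key}")
        elif kind == "delete_key":
            out.append(f"DELETE key       {key}")
        elif kind == "delete_value":
            out.append(f"DELETE value     {key} -> {name}")
        else:
            out.append(f"set value        {key} -> {name} = {data}")
    return out


def writes_anything(actions):
    """True if the fix sets any value; a pure cleanup fix like fix2.reg only deletes."""
    return any(kind == "set_value" for kind, *_ in actions)


if __name__ == "__main__":
    for line in describe(parse_reg_fix(FIX2_REG)):
        print(line)
```

Run as a script it prints the five actions fix2.reg performs: two delete-value entries (the ShellExecuteHook CLSID and the disabled ishost.exe autorun) and the removal of the matching CLSID key, with no values written. The same check applied to a .reg file of unknown origin shows at a glance whether it only removes entries or also adds new load points.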

#10 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 05 December 2006 - 04:01 PM

Ultimate Cleaner isn't in the Add/Remove Programs list.

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 04:21 PM

That's OK; this means that a scan already deleted that uninstall entry.
Just delete the folder then, as given in my instructions afterwards.

#12 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 05 December 2006 - 04:22 PM

William Durrant - 06-12-05 21:16:22.64 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\William Durrant\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


2006-12-05 19:22 <DIR> d-------- C:\WINDOWS\temp
2006-12-04 21:12 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-04 20:49 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\MSNInstaller
2006-12-04 18:42 <DIR> d-------- C:\Program Files\HijackThis
2006-12-03 12:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-03 12:15 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2006-12-01 23:27 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-01 20:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-01 20:20 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-01 20:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-01 20:20 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-01 12:34 <DIR> d-------- C:\Temp
2006-11-30 00:15 <DIR> d-------- C:\Buziol Games
2006-11-23 20:19 <DIR> d-------- C:\Program Files\iTunes
2006-11-23 20:19 <DIR> d-------- C:\Program Files\iPod
2006-11-23 20:19 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Apple Computer
2006-11-23 20:18 <DIR> d-------- C:\Program Files\QuickTime
2006-11-23 20:09 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-22 17:56 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Help
2006-11-19 00:47 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Samsung
2006-11-17 11:29 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-17 11:29 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-16 21:40 <DIR> d-------- C:\Program Files\PartyGaming
2006-11-16 16:07 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Talkback
2006-11-16 16:06 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-13 12:11 <DIR> d-------- C:\Program Files\Skype
2006-11-13 12:11 <DIR> d-------- C:\Documents and Settings\William Durrant\Application Data\Skype
2006-11-13 12:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-11-13 12:09 <DIR> d-------- C:\Program Files\ToFine
2006-11-13 12:08 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-05 20:22 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-05 20:09 -------- d-------- C:\Program Files\Common Files
2006-12-04 20:49 -------- d-------- C:\Program Files\MSN
2006-12-04 14:27 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Adobe
2006-12-03 19:17 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\AVG7
2006-12-03 17:54 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-12-03 12:55 -------- d-------- C:\Program Files\Grisoft
2006-12-01 23:25 -------- d-------- C:\Program Files\AnfyTeam
2006-11-23 19:21 65952 --a------ C:\Documents and Settings\William Durrant\Application Data\GDIPFONTCACHEV1.DAT
2006-11-23 19:16 -------- d---s---- C:\Documents and Settings\William Durrant\Application Data\Microsoft
2006-11-20 21:10 -------- d-------- C:\Program Files\Adobe
2006-11-20 21:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-17 16:27 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Morpheus Ultra
2006-11-17 11:29 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-17 11:29 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-17 11:29 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-17 11:29 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-13 12:19 50137 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-11-13 12:19 2232 --a------ C:\Documents and Settings\William Durrant\Application Data\HPSU_48BitScanUpdate.log
2006-11-13 12:15 2577 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-11-13 12:09 3861 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_IZClosingDiscError.log
2006-11-13 12:09 2986 --a------ C:\Documents and Settings\William Durrant\Application Data\PatchUpdate_InstantShareJPG.log
2006-11-13 12:08 46112 --a------ C:\Documents and Settings\William Durrant\Application Data\Update_HP_RedboxHprblog_HPSU.log
2006-11-13 12:06 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2006-11-01 23:14 -------- d-------- C:\Program Files\Windows Media Player
2006-11-01 23:14 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-01 12:21 -------- d-------- C:\Program Files\Common Files\snp2std
2006-10-31 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-10-28 16:39 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Morpheus
2006-10-26 18:11 -------- d-------- C:\Program Files\Java
2006-10-26 11:44 -------- d-------- C:\Program Files\MorpheusBar
2006-10-26 11:44 -------- d-------- C:\Program Files\Morpheus
2006-10-25 19:39 -------- d-------- C:\Program Files\CyberLink
2006-10-21 15:34 -------- d-------- C:\Program Files\Morpheus Ultra
2006-10-21 11:39 98304 --a------ C:\WINDOWS\system32\qttask.exe
2006-10-21 11:36 -------- d-------- C:\Program Files\ACE Mega CoDecS Pack
2006-10-19 08:36 -------- d-------- C:\Program Files\Common Files\DirectX
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 14:17 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\Macromedia
2006-10-18 14:16 -------- d-------- C:\Program Files\Macromedia
2006-10-18 14:16 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-10-18 13:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 12:12 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-07 19:51 -------- d-------- C:\Documents and Settings\William Durrant\Application Data\HP
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-14 09:48 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-09-14 09:48 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-09-13 07:56 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-09-13 00:57 62 --ahs---- C:\Documents and Settings\William Durrant\Application Data\desktop.ini
2006-09-12 17:07 0 -rahs---- C:\MSDOS.SYS
2006-09-12 17:07 0 -rahs---- C:\IO.SYS
2006-09-12 17:07 0 --a------ C:\CONFIG.SYS
2006-09-12 17:07 0 --a------ C:\AUTOEXEC.BAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SiSRaid"="C:\\Program Files\\Silicon Integrated Systems\\SiSRaidPackage\\SRaid.exe"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"iFolder"="\"C:\\Program Files\\iFolder\\iFolderApp.exe\" -checkautorun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"FixCamera"="C:\\WINDOWS\\FixCamera.exe"
"tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"
"snp2std"="C:\\WINDOWS\\vsnp2std.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-05 21:17:06.42
C:\ComboFix.txt ... 06-12-05 21:17
C:\ComboFix2.txt ... 06-12-05 20:09




Will

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 04:28 PM

Looking good again. :thumbsup:

How are things running now?

#14 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 05 December 2006 - 04:30 PM

Everything seems fine. No pop-ups or anything. I will post back here if I have any more troubles.

Can I delete the fix.reg files from my desktop, and can I delete the ComboFix and Vundo things?

Also, I did the Morpheus fix to the registry like you said. Will Morpheus still work? If not, what will I need to do?

Thank you so much for your help.

If I wasn't such a poor student I would make a donation to you on PayPal!

The world needs more people like you and fewer virus writers!

Thanks again

Will

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:25 AM

Posted 05 December 2006 - 04:46 PM

Hello,

Yes, you may delete the fix.reg, ComboFix and VundoFix.

also, i did the morpheus fix to the registry like you said. will morpheus still work? if not what will i need to do?

Yes, it will. The regfix I asked you to perform deleted Morpheus from your Windows Firewall exceptions/AuthorizedApplications list. But since your Windows Firewall is disabled anyway (you are using Sygate instead), it ignores this list.
Also, in case you re-enable Windows Firewall and run Morpheus, and it won't allow connections, just add Morpheus again to the exceptions list. To add a program to the exceptions list: click Start > Control Panel. In the Control Panel, click Security Center > Windows Firewall. On the Exceptions tab, click Add Program.
Look here for screenshots: http://www.microsoft.com/windowsxp/using/s...exceptions.mspx
Anyway, it will work now, since Sygate Firewall "overrules" the Windows Firewall and the rules in your Sygate are the ones that count now.

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
How to use SpywareBlaster

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently, and don't forget to update them first.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one may.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

You can also find more info on how to prevent malware here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:



