
Registered member · 177 Posts
Hi nicolaysen29! :)

Need to see some logs please.

Click here to download HJTsetup.exe. Save it to your Desktop!
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Also, I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & paste the entire contents of that file in your next post.

Please post the HijackThis and Uninstall logs back here.
 

Discussion Starter · 7 Posts · #3
Here is my system scan and log file.

Logfile of HijackThis v1.99.1
Scan saved at 1:00:39 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MCROSO~1\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe
C:\PROGRA~1\WINCLE~1\ONLNSVC.EXE
C:\PROGRA~1\WINCLE~1\scanwscs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\moveminute\05091201\movemedia.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Owner\My Documents\??curity\SCHOST~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.juno.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {5640EB18-07A1-2A0F-8F7A-7C12E035E4B8} - C:\WINDOWS\system32\vwsvg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gqtdawb.exe
O2 - BHO: (no name) - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - (no file)
O2 - BHO: (no name) - {5640EB18-07A1-2A0F-8F7A-7C12E035E4B8} - C:\WINDOWS\system32\vwsvg.dll
O2 - BHO: (no name) - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - (no file)
O2 - BHO: (no name) - {E7653972-D6CE-AF65-B369-FD7A97970CEA} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\windows\system32\qodsregm.exe FI002
O4 - HKLM\..\Run: [gjZC2XV] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [eeanpp] C:\WINDOWS\System32\fmvvpr.exe reg_run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [No] "C:\WINDOWS\DOBE~1\dexplore.exe" -vt yax
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\MCROSO~1\javaw.exe" -vt yax
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe"
O4 - HKCU\..\Run: [Rzlajoql] C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\SCHOST~1.EXE
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\24.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoveMinutesQuickCheck] "c:\program files\moveminute\05091201\movemedia.exe" /boot
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Startup: WCAntiSpy.lnk = C:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152551038828
O16 - DPF: {9294206B-A9B2-4F73-938E-89F694F48101} (MoveMinute Browser Object) - http://xlonhcld.xlontech.net/100348/moveminute4/ldsdlprod.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.bigfishgames.com/en_chuzzledeluxe/online/13/popcaploader_v10.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - (no file)
O20 - AppInit_DLLs: repairs303169554.dll attrib.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winptp32 - winptp32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\WINCLE~1\ONLNSVC.EXE
O23 - Service: WinCleaner Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\WINCLE~1\scanwscs.exe
 

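The log above is the original poster's own. As an added example that is not part of this thread or of HijackThis itself, the Python script below applies the first checks a helper reading such a log would make by hand: an extra executable appended to the `UserInit` value, a populated `AppInit_DLLs`, orphaned Winlogon Notify entries, unnamed BHOs, and Run entries that launch from Temp, from the user's profile, or directly from the Windows root. The sample lines are copied from the log above (plus a benign Java updater entry for contrast); the rule names and the heuristics are my own and are deliberately crude, so a hit means "look at this next", not "this is malware".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a few lines copied from the HijackThis log in this
# thread, plus one benign entry (jusched.exe) that must NOT be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gqtdawb.exe
O2 - BHO: (no name) - {5640EB18-07A1-2A0F-8F7A-7C12E035E4B8} - C:\WINDOWS\system32\vwsvg.dll
O2 - BHO: (no name) - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Rzlajoql] C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\SCHOST~1.EXE
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\24.tmp
O20 - AppInit_DLLs: repairs303169554.dll attrib.dll
O20 - Winlogon Notify: winptp32 - winptp32.dll (file missing)
"""

# Heuristic rules (my own, not HijackThis's): (name, reason, regex over the line).
RULES: List[Tuple[str, str, re.Pattern]] = [
    ("userinit-extra",
     "UserInit should end with 'userinit.exe,'; anything after the comma also runs at logon",
     re.compile(r"^F2 - REG:system\.ini: UserInit=.*userinit\.exe,\s*\S", re.I)),
    ("appinit-dlls",
     "AppInit_DLLs is injected into every process that loads user32.dll",
     re.compile(r"^O20 - AppInit_DLLs:\s*\S", re.I)),
    ("winlogon-notify-missing",
     "orphaned Winlogon Notify package; harmless now but indicates a removed DLL",
     re.compile(r"^O20 - Winlogon Notify:.*\(file missing\)", re.I)),
    ("bho-no-name",
     "Browser Helper Object without a product name",
     re.compile(r"^O2 - BHO: \(no name\)", re.I)),
    ("run-from-temp",
     "autostart from a Temp folder or a .tmp file",
     re.compile(r"^O4 - .*(\\Temp\\|\.tmp\b)", re.I)),
    ("run-from-profile",
     "autostart from the user's documents or Application Data",
     re.compile(r"^O4 - .*(My Documents|MYDOCU~1|Application Data)", re.I)),
    ("run-from-windows-root",
     "executable placed directly in C:\\Windows rather than a system subfolder",
     re.compile(r'^O4 - .*\[[^\]]*\]\s*"?C:\\Windows\\[^\\\s"]+\.exe', re.I)),
]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per (line, rule) hit, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, why, pattern in RULES:
            if pattern.search(line):
                findings.append({"rule": name, "why": why, "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per rule, for a quick overview before reading each line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, n in sorted(summarize(hits).items()):
        print(f"{rule:<24} {n}")
    print()
    for f in hits:
        print(f"[{f['rule']}] {f['line']}\n    {f['why']}")
```

Run it as-is to see the sample triaged; to use it on a real log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. The regexes are anchored on the HijackThis section prefixes (`F2`, `O2`, `O4`, `O20`), so lines from other sections pass through untouched.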
Discussion Starter · 7 Posts · #4
Here is my uninstall list

Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Apple Software Update
CK Creative Clips and Fonts for Special Occasions
Creative Lettering Combo
Disney Mix Stick
FinePixViewer Ver.3.2
FUJIFILM USB Driver
Full Tilt Poker
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp deskjet 3600
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Software Update
HPIZ350
IANAG .2
ImageMixer VCD for FinePix
InterActual Player
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LimeWire 4.12.6
LQfix 2.1
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
MicroStaff WINASPI
Move Networks MoveMedia
Mozilla Firefox (2.0.0.1)
MSN
MSN Encarta Plus Support Files
MSN Messenger 6.1
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero - Burning Rom
Outerinfo
Panda ActiveScan
PC-Doctor for Windows
Photo Story 3 for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
Quicken 2004
QuickTime
QuickTime
Registry Mechanic 6.0
Rhapsody Player Engine
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Toolkit View(HP)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Updates from HP
USB Driver Vers. 3.2
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
WinCleaner AntiVirus
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7

Thanks for the help.

Chris
 

Registered member · 177 Posts
Hi Chris! Sorry for delay. For some reason, I didn't get an email notification of your reply.

Please do the following...

I don't see any indication of a Firewall in your HijackThis log. This may be because:

(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons.
(4.) You don't use any firewall at all.

In the case you don't have a Firewall, please download one from the list below - They are Free!

Zone Alarm << I recommend this
Sunbelt Kerio PF
Outpost Firewall

Likewise, I don't see an Anti-Virus program. Please download one from the list below - They are Free!

AVG Free Edition << I recommend this
AntiVir
avast! 4 Home Edition
_____________________________

I need you to scan a file please...

  • go to VirusTotal
  • Copy and paste the following file path into the Search Box at the top of the page:
  • C:\WINDOWS\system32\vwsvg.dll
  • Click on the Send button
  • Please post the results in your next reply.
_____________________________

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

Outerinfo
WinCleaner AntiVirus

_____________________________

Download this file to your Desktop - combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply, along with a new HijackThis log and the scan results.

Note:
Do not mouse-click ComboFix's window whilst it is running; that may cause it to stall.
 

Discussion Starter · 7 Posts · #6
Here are the VirusTotal results. Sorry for the long wait.

Complete scanning result of "vwsvg.dll", received in VirusTotal at 01.08.2007, 05:49:55 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.08.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.07.2007 no virus found
BitDefender 7.2 01.08.2007 no virus found
CAT-QuickHeal 9.00 01.06.2007 no virus found
ClamAV devel-20060426 01.07.2007 no virus found
DrWeb 4.33 01.07.2007 no virus found
eSafe 7.0.14.0 01.07.2007 no virus found
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.07.2007 no virus found
Fortinet 2.82.0.0 01.08.2007 no virus found
F-Prot 3.16f 01.05.2007 no virus found
F-Prot4 4.2.1.29 01.05.2007 no virus found
Ikarus T3.1.0.27 01.07.2007 no virus found
Kaspersky 4.0.2.24 01.08.2007 no virus found
McAfee 4933 01.05.2007 no virus found
Microsoft 1.1904 01.07.2007 no virus found
NOD32v2 1961 01.08.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.07.2007 no virus found
Prevx1 V2 01.08.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.145 01.07.2007 no virus found
UNA 1.83 01.06.2007 no virus found
VBA32 3.11.1 01.08.2007 no virus found
VirusBuster 4.3.19:9 01.07.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 

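The VirusTotal summary above reports a file size of 0 bytes and the MD5/SHA1 values d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709, which are the digests of empty input; a clean verdict on an empty submission says nothing about the real `vwsvg.dll`. As an added example (my own code, not part of the thread or of VirusTotal), the Python below parses that kind of summary, recognizes the empty-file signature, and, when a local copy is available, checks that the hashes VirusTotal scanned match the file you meant to submit. The `VT_RESULT` text is a constructed excerpt of the post above; the function names are mine.

```python
import hashlib
import re
from typing import Dict, Optional

# Constructed excerpt of the VirusTotal summary posted in this thread;
# only the "Additional Information" block matters for this check.
VT_RESULT = """\
Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Digests of zero bytes: any scanner report carrying these scanned nothing.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()


def digests(data: bytes) -> Dict[str, str]:
    """Size and hashes in the same shape parse_vt_summary() returns."""
    return {
        "size": str(len(data)),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def digests_of_file(path: str) -> Dict[str, str]:
    """Hash the file you actually intended to submit (read as bytes)."""
    with open(path, "rb") as fh:
        return digests(fh.read())


def parse_vt_summary(text: str) -> Dict[str, str]:
    """Pull size, MD5 and SHA1 out of the pasted summary; missing keys are left out."""
    fields = {
        "size": r"File size:\s*(\d+)",
        "md5": r"MD5:\s*([0-9a-fA-F]{32})",
        "sha1": r"SHA1:\s*([0-9a-fA-F]{40})",
    }
    out: Dict[str, str] = {}
    for key, pattern in fields.items():
        m = re.search(pattern, text)
        if m:
            out[key] = m.group(1).lower()
    return out


def verdict(summary: Dict[str, str], local: Optional[Dict[str, str]] = None) -> str:
    """Classify a scanner summary before trusting its 'no virus found' rows.

    empty-submission : the report is for zero bytes, re-submit the real file
    hash-mismatch    : the report is for some other file than the local one
    hash-match       : the verdict really applies to the local file
    no-local-file    : nothing to compare against, so only the empty check ran
    """
    if (summary.get("size") == "0"
            or summary.get("md5") == EMPTY_MD5
            or summary.get("sha1") == EMPTY_SHA1):
        return "empty-submission"
    if local is None:
        return "no-local-file"
    if local["md5"] != summary.get("md5") or local["sha1"] != summary.get("sha1"):
        return "hash-mismatch"
    return "hash-match"


if __name__ == "__main__":
    summary = parse_vt_summary(VT_RESULT)
    print(summary, "->", verdict(summary))
```

In the thread's situation the result is `empty-submission`: the usual causes are a browser upload of a file the system keeps locked or hidden, or a path typed into a search box rather than an upload form, and the fix is to copy the DLL somewhere readable (or archive it) and submit that copy, then compare the returned hashes with `digests_of_file()` on the copy.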
Discussion Starter · 7 Posts · #7
Here is the ComboFix log.

Owner - 07-01-07 21:52:59.40 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe
C:\WINDOWS\eliteunstall.exe
C:\WINDOWS\YOINSI.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\DOBE~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\ECURIT~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\FNTS~2
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\PPATCH~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\SKS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\SSTEM3~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\STEM~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\CURITY~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ECURIT~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\FNTS~2
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\PPPATC~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\TSKS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\YSTEM3~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\ECURIT~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\FNTS~2
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\MCROSO~1.NET
C:\QooBox\Purity\Program Files\PPPATC~2
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\YSTEM3~1
C:\QooBox\Purity\Program Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\CROSOF~2.NET
C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~2
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1
C:\QooBox\Purity\Program Files\Common Files\ICROSO~2
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\SMANTE~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\STEM32~1
C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET\??crosoft.NET
C:\QooBox\Purity\WINDOWS\APPATC~1
C:\QooBox\Purity\WINDOWS\CROSOF~1
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\CROSOF~2
C:\QooBox\Purity\WINDOWS\DOBE~2
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\PPATCH~1
C:\QooBox\Purity\WINDOWS\PPATCH~2
C:\QooBox\Purity\WINDOWS\PPPATC~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\SMBOLS~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\SSTEM~1
C:\QooBox\Purity\WINDOWS\STEM~1
C:\QooBox\Purity\WINDOWS\WNSXS~1
C:\QooBox\Purity\WINDOWS\YSTEM~1
C:\QooBox\Purity\WINDOWS\PPATCH~1\?hkntfs.exe
C:\QooBox\Purity\WINDOWS\system32\APPATC~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\system32\MANTEC~1
C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
C:\QooBox\Purity\WINDOWS\system32\PPPATC~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~2
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\system32\SKS~1
C:\QooBox\Purity\WINDOWS\system32\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1

((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))

2007-01-07 14:51 d-------- C:\WINDOWS\LastGood.Tmp
2007-01-04 14:51 d-------- C:\Documents and Settings\Owner\Application Data\FunWebProducts
2007-01-04 14:48 d-------- C:\Program Files\MyWebSearch
2007-01-04 14:48 d-------- C:\Program Files\FunWebProducts
2007-01-03 16:08 72,704 --------- C:\WINDOWS\system32\Odbctl32.dll
2007-01-03 16:08 252,176 --------- C:\WINDOWS\system32\Msrd2x35.dll
2007-01-03 16:08 169,984 --a------ C:\WINDOWS\system32\MSLTUS35.DLL
2007-01-03 16:08 d-------- C:\Program Files\GospeLink
2006-12-31 12:36 dr-h----- C:\$VAULT$.AVG
2006-12-31 11:34 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-31 11:34 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-31 11:34 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-31 11:34 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-31 11:34 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-31 11:34 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-31 11:34 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-12-31 11:33 d-------- C:\Program Files\Grisoft
2006-12-31 11:33 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-31 11:33 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-31 10:23 d-------- C:\WINDOWS\system32\ZoneLabs
2006-12-31 10:23 d-------- C:\Program Files\Zone Labs
2006-12-31 10:10 d-------- C:\WINDOWS\Internet Logs
2006-12-30 01:55 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-12-30 01:53 d-------- C:\Program Files\Sonic
2006-12-30 01:53 d-------- C:\Program Files\RecordNow!
2006-12-30 01:53 d-------- C:\Program Files\Common Files\SureThing Shared
2006-12-30 01:53 d-------- C:\Program Files\Common Files\Sonic
2006-12-30 01:53 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2006-12-30 01:51 d-------- C:\Softpaq
2006-12-29 13:00 d-------- C:\Program Files\Hijackthis
2006-12-28 21:40 d-------- C:\Program Files\iTunes
2006-12-23 22:41 d-------- C:\Program Files\Full Tilt Poker
2006-12-23 16:54 d-------- C:\Program Files\Photo Story 3 for Windows
2006-12-21 15:34 d-------- C:\WINDOWS\system32\NtmsData
2006-12-15 15:38 d--h----- C:\WINDOWS\$hf_mig$
2006-12-11 12:11 d-------- C:\Program Files\moveminute
2006-12-11 12:11 d-------- C:\Documents and Settings\Owner\Application Data\MoveMinutes
2006-12-07 20:14 d-------- C:\Documents and Settings\All Users\Application Data\Softdisk LLC

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-07 21:54 -------- d-------- C:\Program Files\Common Files
2007-01-07 21:52 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-06 22:38 -------- d-------- C:\Program Files\MSN Messenger
2007-01-06 22:38 -------- d-------- C:\Program Files\Internet Explorer
2007-01-03 16:08 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-31 12:36 -------- d-------- C:\Program Files\BraveSentry
2006-12-31 11:25 -------- d-------- C:\Program Files\WinCleaner AntiVirus
2006-12-31 11:22 2 --a------ C:\WINDOWS\system32\wnsintsu.exe
2006-12-28 21:40 -------- d-------- C:\Program Files\iPod
2006-12-23 16:55 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-12-21 15:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-21 14:57 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-12-15 22:48 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 22:48 -------- d-------- C:\Program Files\Common Files\System
2006-12-11 14:50 -------- d-------- C:\Program Files\InterVideo
2006-12-11 14:46 -------- d-------- C:\Program Files\Common Files\Real
2006-12-11 14:46 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-12-06 22:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 21:56 -------- d-------- C:\Program Files\QuickTime
2006-12-05 21:54 -------- d-------- C:\Program Files\Apple Software Update
2006-11-26 13:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-11-22 08:57 -------- d-------- C:\Program Files\OIN Search
2006-11-13 23:23 -------- d-------- C:\Program Files\Java
2006-11-13 23:15 -------- d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2006-11-11 21:48 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-11 21:41 -------- d-------- C:\Program Files\IANAG Software
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MoveMinutesQuickCheck"="\"c:\\program files\\moveminute\\05091201\\movemedia.exe\" /boot"
"RecordNow!"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"elitemedia"="C:\\WINDOWS\\elitemediapop.exe"
"{08-8B-BF-FC-ZN}"="C:\\windows\\system32\\qodsregm.exe FI002"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Mixer
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winptp32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5D11C63E-3102-476A-8F55-60356CF8CE44}.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 07-01-07 21:58:22.21
C:\ComboFix.txt ... 07-01-07 21:58
 

Registered · 7 Posts · Discussion Starter · #8
Here is the Hijack this logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:00:50 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\moveminute\05091201\movemedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.juno.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - (no file)
O2 - BHO: (no name) - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - (no file)
O2 - BHO: (no name) - {E7653972-D6CE-AF65-B369-FD7A97970CEA} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\windows\system32\qodsregm.exe FI002
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoveMinutesQuickCheck] "c:\program files\moveminute\05091201\movemedia.exe" /boot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Startup: WCAntiSpy.lnk = C:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152551038828
O16 - DPF: {9294206B-A9B2-4F73-938E-89F694F48101} (MoveMinute Browser Object) - http://xlonhcld.xlontech.net/100348/moveminute4/ldsdlprod.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.bigfishgames.com/en_chuzzledeluxe/online/13/popcaploader_v10.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - (no file)
O20 - AppInit_DLLs: repairs303169554.dll attrib.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winptp32 - winptp32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for your help,

Chris
 

Registered · 177 Posts
No problem about the delay.

You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please do the following...

We need to download some tools to use later.

1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

2. Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Don't use these yet!

Lets continue with the fix...

3. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O2 - BHO: (no name) - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - (no file)
O2 - BHO: (no name) - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - (no file)
O2 - BHO: (no name) - {E7653972-D6CE-AF65-B369-FD7A97970CEA} - (no file)

O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\windows\system32\qodsregm.exe FI002
O4 - Startup: PowerReg Scheduler V3.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.bigfishgames.com/en_chu...loader_v10.cab

O20 - AppInit_DLLs: repairs303169554.dll attrib.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: winptp32 - winptp32.dll (file missing)


- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis

4. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
5. Make sure you can view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
6. Find and delete the following files, if present:

C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\system32\qodsregm.exe
C:\WINDOWS\system32\attrib.dll
C:\WINDOWS\system32\repairs303169554.dll


7. Double-click ATF Cleaner.exe to open it.

Under Main select the following:

  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

8. Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode

9. Please run ComboFix once more and save the new log

10. I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.
11. Please post the following...

1) AVG anti-spyware log
2) ComboFix log
3) Uninstall list
4) New HijackThis log

You may need several replies so the logs do not get cut off.
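As an added example (not part of this thread, and not HijackThis's own logic), the script below applies the triage rules the helper used in step 3 to lines in HijackThis's log format: registrations whose file is gone ("(no file)" / "(file missing)"), a populated AppInit_DLLs value, and Run entries whose value name is a fake GUID or whose binary sits loose in the Windows directory. The sample lines are constructed from the entry formats shown in the log above; the rules are assumptions modelled on the entries the helper chose to fix, not a scoring system HijackThis ships.

```python
"""Triage HijackThis (v1.99-style) log lines with the rules a removal helper applies.

Added example for this thread: not part of HijackThis or of the original posts.
The heuristics are assumptions modelled on the entries the helper chose to fix.
"""
import re

# Constructed sample in HijackThis's line format: a subset of the entry types
# seen in this thread, mixing clearly benign and clearly suspect lines.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\windows\system32\qodsregm.exe FI002
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: repairs303169554.dll attrib.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winptp32 - winptp32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - HKLM\..\Run: [name] command": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# An .exe sitting directly in the Windows directory (no subfolder), optionally quoted.
WINROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\windows\\[^\\"]+\.exe"?(?:\s|$)', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body, original_line) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body"), line))
    return entries


def is_dangling(body):
    """A registration (BHO, filter, Winlogon Notify...) whose target file is gone."""
    return body.endswith("(no file)") or body.endswith("(file missing)")


def appinit_dlls(body):
    """DLL names listed in an O20 AppInit_DLLs entry, or [] if not that entry."""
    if body.startswith("AppInit_DLLs:"):
        return body.split(":", 1)[1].split()
    return []


def suspicious_run(body):
    """Heuristic (assumed) for O4 Run values; returns a reason or None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    if name.startswith("{") and name.endswith("}") and not GUID_RE.match(name):
        return "Run value named like a GUID but not a well-formed one"
    if WINROOT_EXE_RE.match(cmd):
        return "Run value launches an executable sitting directly in the Windows directory"
    return None


def triage(log_text):
    """Return [(line, reason)] for entries a helper would want to look at."""
    findings = []
    for sec, body, line in parse_entries(log_text):
        if is_dangling(body):
            findings.append((line, "dangling registration: the file is gone, entry is safe to remove"))
        elif sec == "O20" and appinit_dlls(body):
            dlls = ", ".join(appinit_dlls(body))
            findings.append((line, "AppInit_DLLs injects %s into every process that loads user32.dll" % dlls))
        elif sec == "O4":
            reason = suspicious_run(body)
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print("%s\n    -> %s" % (line, reason))
```

The output is a candidate list, not a verdict. In the full log above, the two O9 xpnetdiag entries also read "(file missing)", and the helper correctly left them alone because they point at a Windows component; a human still decides what to fix. The AppInit_DLLs rule needs no such judgement: anything listed there is loaded into every process that links user32.dll, so a populated value with unknown DLL names is always worth chasing down.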
 