Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My hijackthis log

Post by Linkmaster » November 21st, 2006, 8:01 am

I don't see anything in your logs!

Let's try one more scan:

Download and Extract ComboFix to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Double click on combofix.exe

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log for you

Reboot to Normal Mode

Post a fresh HijackThis log along with the ComboFix log here
(You may need to use several replies as the logs may be cut off)

Thank you!
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by guyver » November 21st, 2006, 12:51 pm

Logfile of HijackThis v1.99.1
Scan saved at 10:51:39 AM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
guyver
Regular Member
 
Posts: 23
Joined: November 19th, 2006, 1:19 am

Post by guyver » November 21st, 2006, 12:53 pm

Stefan0 - 06-11-21 10:37:59.21 Service Pack 2
ComboFix 06.11.19W - Running from: "C:\Documents and Settings\Stefan0\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:



((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))


2006-11-20 14:49 <DIR> d-------- C:\avenger
2006-11-20 00:25 <DIR> d-------- C:\Documents and Settings\Stefan0\Application Data\.BitTornado
2006-11-19 23:35 <DIR> d-------- C:\Program Files\BitTornado
2006-11-19 23:34 <DIR> d--hs---- C:\Config.Msi
2006-11-19 19:37 <DIR> d-------- C:\Program Files\MSN Games
2006-11-19 15:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-11-19 14:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-19 14:45 <DIR> d-------- C:\Program Files\Grisoft
2006-11-19 14:20 <DIR> d-------- C:\Program Files\HJT
2006-11-19 00:54 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-11-19 00:54 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-11-18 14:47 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-17 14:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-11-09 17:23 <DIR> d-------- C:\Program Files\RADVideo
2006-11-09 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2006-11-01 11:30 <DIR> d-------- C:\Program Files\Electronic Arts


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AtiPTA"="C:\\WINDOWS\\SYSTEM32\\ATIPTAXX.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Completion time: 06-11-21 10:44:07.01
C:\ComboFix.txt ... 06-11-21 10:44

Post by Linkmaster » November 21st, 2006, 2:47 pm

Delete this folder: C:\qoobox

Empty your recycle bin

How is it running now?

Post by guyver » November 21st, 2006, 5:04 pm

It's the same

Post by Linkmaster » November 21st, 2006, 6:11 pm

Download FindAWF© by noahdfear to your Desktop

Double Click on FindAWF.exe to run it

When finished, it will produce a file called awf.txt

Copy and Paste the contents of the awf.txt file here

Post by guyver » November 21st, 2006, 6:15 pm

Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~

21504 "C:\Program Files\RADVideo\smackmix.exe"
21504 "C:\WINDOWS\Prefetch\A~NSISU_.EXE-2AC71F07.pf"


21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Post by Linkmaster » November 21st, 2006, 9:28 pm

Try this:

Start, Run, type cmd then hit OK

At the prompt type tracert <type in the game server you are to access>
(be sure to leave a space between tracert and the server address)
Then hit enter

example: tracert www.xfire.com

The results will look similar to this :

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\*******>tracert www.google.com

Tracing route to www.l.google.com [72.14.203.99]
over a maximum of 30 hops:

1 3 ms 1 ms 3 ms 192.168.1.1
2 13 ms 9 ms * ip72-204-32-1.fv.ks.cox.net [72.204.32.1]
3 11 ms 10 ms *


If you get any *, those are dropped. It could be that between you and the game site the router is causing you to drop.

Post by guyver » November 22nd, 2006, 12:53 am

I don't know the IP of the game server

Post by guyver » November 22nd, 2006, 1:02 am

ya there is, so what now?
Image

Post by guyver » November 22nd, 2006, 1:56 am

how do we make it so the internet doesn't drop out?

Post by Linkmaster » November 22nd, 2006, 7:55 am

It seems that a router in between you and the game site is dropping the connection!!

* 18ms * 142.165.60.130

and the * with the request timed out!

I can ping that address from here just fine.

I would check your Internet provider and see if they are having problems. I run into that myself. They say they don't have any problems but if you tell them you ran a tracert they usually find one. Also contact the game site and tell them what is going on!

Post by guyver » November 22nd, 2006, 1:06 pm

ya I'm definitely gonna have to call again.
I woke up this mornin and this was on my screen.

Image

internet wouldn't work, did after I rebooted though...

thanks for all your help, at least I know my pc is healthy now lol

Post by Linkmaster » November 22nd, 2006, 1:11 pm

Your log seems to be OK now!!

Just one more thing:
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now?

Here are a few tools that I recommend for protecting your system and reducing the risk of infection again!!

Real Time Prevention
SpywareBlaster© by Javacool Software :
*Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests
*Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
*Restrict the actions of potentially dangerous sites in Internet Explorer.
*Consumes no system resources

*Download, run, check for updates, download updates, select all, protect against checked. All done
*Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE: Remember to always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs!! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up", click on "Proceed", then click on "Common Ports" to scan your ports.
Free Personal Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Outpost Firewall Free© by Agnitum Ltd
Jetico Personal Firewall© by Jetico, Inc.

Alternative Browsers :
Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness
FireFox© by Mozilla
Opera© by Opera Software ASA

I suggest that you Update Java:
Go to Start, Control Panel, Add/Remove Programs
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) and select Remove
Then Download and install the newest version :
JAVA SOFTWARE MANUAL DOWNLOAD

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates!!

Using these tools and keeping them updated will reduce the risk of future infections!!

Do you have any questions??

Post by guyver » November 22nd, 2006, 5:01 pm

I think I'm good to go, thnx again for all your help :)

I'll let u know if I get my connection sorted out.

PEACE!