Thread: Downloader.agent.uj
View Single Post
Old 08-02-2006, 11:02 AM   #12 (permalink)
blitz960
Registered User
 
Join Date: Aug 2004
Posts: 24
OS: Win XP


Hello ried, .
I'm glad that downloader.agent.uj is not of any worries now. ... umm... i think i downloaded winace from the winace website. it would not let me run hijackthis without winace.
below is my report from combofix. btw, .. there are a few sites that i have to access for my work but it seems like i can't get on to it. everytime i type in the address, a blank page comes up and says, .."Ad blocked here by KPF"... do you know why?... those are a few sites i really have to have access to. .. thank you.

Start Time= Wed 08/02/2006 11:51:58.12
Running from: C:\Documents and Settings\Brittney\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-31 11:00:36 ( .D... ) "C:\Program Files\hijackthis2"
2006-07-29 16:41:56 ( .D... ) "C:\Program Files\Sunbelt Software"
2006-07-29 16:30:28 ( .D... ) "C:\Program Files\Alwil Software"
2006-07-26 18:10:14 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\SYSTEM32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\SYSTEM32\iphlpapi.dll"
2005-03-13 05:18:12 7741336 ( A.... ) "C:\Program Files\DivX521XP2K.exe"
2005-03-13 05:05:02 8414282 ( A.... ) "C:\Program Files\vlc-0.6.2.dmg"
2005-03-13 04:43:58 7071334 ( A.... ) "C:\Program Files\vlc-0.8.1-win32.exe"
2005-02-19 16:07:56 295120 ( A.... ) "C:\Program Files\NSSetup.exe"
2004-10-03 00:50:56 315624 ( A.... ) "C:\Program Files\dxwebsetup.exe"
2004-10-03 00:48:24 10135688 ( A.... ) "C:\Program Files\MPSetupXP.exe"
2004-08-20 12:49:40 266240 ( A.... ) "C:\Program Files\ie-spyad.exe"
2004-08-19 19:52:22 0 ( ..SHR ) "C:\Program Files\q330994.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-01 00:46 266,407,936 C:\hiberfil.sys
2006-07-31 10:58 218,112 C:\HijackThis.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"MSMsgSvc"=""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Brittney.job

Completion time: Wed 08/02/2006 11:52:55.37
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
blitz960 is offline