WinAntivirusPro / SysProtect (argh)
a226a
Newbie
26. August 2006 @ 16:04
Hi, this common problem seems to have struck me down, this is the log...

thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 00:38:15, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Yusuf\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
__
Senior Member
26. August 2006 @ 18:12
Go here http://www.atribune.org/ccount/click.php?id=4 download VundoFix.exe to your desktop.

Open VundoFix.exe
Put a check next to Run VundoFix as a task.
Prompt about close and reopen. Click OK.
After reopen, click Scan for Vundo.
When finished, click Remove Vundo.
Prompt - remove. Click OK.
Your desktop will go blank as it starts removal.
Prompt for shutdown. Click OK.
Post new HijackThis log along with C:\vundofix.txt.

Rawe
Junior Member
27. August 2006 @ 02:26
Niobis -- just to note, it's an old canned actually :)

VundoFix 6 has new instructions.

Please download Vundofix.exe to your desktop http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

a226a
Newbie
27. August 2006 @ 08:43
VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 03:38:56 27/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.tmp
C:\WINDOWS\system32\bkdanpmk.exe
C:\WINDOWS\system32\blwjdcho.exe
C:\WINDOWS\system32\csrousgd.exe
C:\WINDOWS\system32\fgjdxlac.exe
C:\WINDOWS\system32\gwvrspkd.exe
C:\WINDOWS\system32\gybldfey.exe
C:\WINDOWS\system32\hvfjekjm.exe
C:\WINDOWS\system32\ufbbsirx.exe
C:\WINDOWS\system32\uoxyxhkh.exe
C:\WINDOWS\system32\uydafyfp.exe
C:\WINDOWS\System32\Drivers\DP.sys

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\byxvsro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.tmp
C:\WINDOWS\system32\vycdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkdanpmk.exe
C:\WINDOWS\system32\bkdanpmk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\blwjdcho.exe
C:\WINDOWS\system32\blwjdcho.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\csrousgd.exe
C:\WINDOWS\system32\csrousgd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjdxlac.exe
C:\WINDOWS\system32\fgjdxlac.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gwvrspkd.exe
C:\WINDOWS\system32\gwvrspkd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gybldfey.exe
C:\WINDOWS\system32\gybldfey.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hvfjekjm.exe
C:\WINDOWS\system32\hvfjekjm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ufbbsirx.exe
C:\WINDOWS\system32\ufbbsirx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uoxyxhkh.exe
C:\WINDOWS\system32\uoxyxhkh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uydafyfp.exe
C:\WINDOWS\system32\uydafyfp.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\Drivers\DP.sys
C:\WINDOWS\System32\Drivers\DP.sys Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 03:43:24 27/08/2006

Listing files found while scanning....


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 04:14:59 27/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddcyv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 15:48:17 27/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 15:55:04 27/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddcyv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!

Performing Repairs to the registry.
Done!



hijack this...


Logfile of HijackThis v1.99.1
Scan saved at 17:42:48, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\{5CCD58F2-08A2-2057-0623-05030806002c}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinampI\winamp.exe
C:\WINDOWS\System32\CTPdeSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Yusuf\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Rawe
Junior Member
27. August 2006 @ 09:16
Download http://download.bleepingcomputer.com/sUBs/combofix.exe to your desktop.
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


This message has been edited since posting. Last time this message was edited on 27. August 2006 @ 09:16

a226a
Newbie
27. August 2006 @ 09:22
Yusuf - 06-08-27 18:18:39.04
ComboFix 06.08.26BT - Running from: C:\Documents and Settings\Yusuf\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{5CCD58F2-08A2-2057-0623-05030806002c}


((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-27 04:16 13,844 --a------ C:\WINDOWS\system32\xwgyckxx.exe
2006-08-26 23:15 106,496 --a------ C:\WINDOWS\system32\atl71.dll
2006-08-26 14:28 13,844 --a------ C:\WINDOWS\system32\smyskrgv.exe
2006-08-26 01:16 13,844 --a------ C:\WINDOWS\system32\hyniprlw.exe
2006-08-25 17:06 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2006-08-25 14:12 13,844 --a------ C:\WINDOWS\system32\amxnjitj.exe
2006-08-24 22:00 13,844 --a------ C:\WINDOWS\system32\svhroaop.exe
2006-08-24 21:55 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2006-08-24 21:52 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2006-08-24 21:52 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2006-08-24 15:19 13,844 --a------ C:\WINDOWS\system32\culosusu.exe
2006-08-23 20:18 13,844 --a------ C:\WINDOWS\system32\nyjiuela.exe
2006-08-22 09:04 13,844 --a------ C:\WINDOWS\system32\nhwlrkak.exe
2006-08-21 19:06 13,844 --a------ C:\WINDOWS\system32\thenldwb.exe
2006-08-18 00:08 2,580 --a------ C:\WINDOWS\system32\ceqghskb.exe
2006-08-17 15:15 2,580 --a------ C:\WINDOWS\system32\kydbrgvp.exe
2006-08-17 03:32 2,580 --a------ C:\WINDOWS\system32\anlnyjws.exe
2006-08-17 02:45 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-16 23:35 2,580 --a------ C:\WINDOWS\system32\edynrctq.exe
2006-08-16 18:29 2,580 --a------ C:\WINDOWS\system32\kfstjrns.exe
2006-08-15 01:43 2,580 --a------ C:\WINDOWS\system32\prfuoqsr.exe
2006-08-15 01:43 12,308 --a------ C:\WINDOWS\system32\wvyginwe.exe
2006-08-15 00:47 2,580 --a------ C:\WINDOWS\system32\vhugclvy.exe
2006-08-15 00:47 12,308 --a------ C:\WINDOWS\system32\daqwvjav.exe
2006-08-13 22:43 2,580 --a------ C:\WINDOWS\system32\pdvvousm.exe
2006-08-13 18:26 2,580 --a------ C:\WINDOWS\system32\ctmuojof.exe
2006-08-13 00:48 2,580 --a------ C:\WINDOWS\system32\jlattwpm.exe
2006-08-12 13:46 2,580 --a------ C:\WINDOWS\system32\kvwwhico.exe
2006-08-11 22:22 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-10 22:35 2,580 --a------ C:\WINDOWS\system32\eyhthayk.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 18:20 -------- d-------- C:\Program Files\Common Files
2006-08-27 17:41 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 03:08 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\uTorrent
2006-08-26 16:17 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\CyberLink
2006-08-26 16:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-26 16:16 -------- d-------- C:\Program Files\CyberLink
2006-08-25 16:54 -------- d-------- C:\Program Files\Audible
2006-08-24 22:10 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Creative
2006-08-24 21:51 -------- d-------- C:\Program Files\Creative
2006-08-24 21:50 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 16:01 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\AdobeUM
2006-08-12 01:33 -------- d---s---- C:\Documents and Settings\Yusuf\Application Data\Microsoft
2006-08-11 22:49 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-11 22:49 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-11 22:46 90240 --a------ C:\WINDOWS\system32\drivers\sptd3021.sys
2006-08-11 22:46 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-11 22:17 -------- d-------- C:\Program Files\Rockstar Games
2006-08-11 18:58 -------- d-------- C:\Program Files\Soulseek
2006-08-09 23:11 -------- d-------- C:\Program Files\Sony Ericsson
2006-08-08 17:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 16:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 16:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 16:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 16:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-04 02:07 -------- d-------- C:\Program Files\Graal
2006-08-04 01:03 -------- d-------- C:\Program Files\Opera
2006-08-04 01:03 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Opera
2006-07-26 12:49 65556 --a------ C:\WINDOWS\system32\pxxnjsin.exe
2006-07-25 23:13 65556 --a------ C:\WINDOWS\system32\ywrlmwxx.exe
2006-07-25 20:57 65556 --a------ C:\WINDOWS\system32\ijogddkf.exe
2006-07-25 17:16 -------- d-------- C:\Program Files\WinampI
2006-07-25 00:17 65556 --a------ C:\WINDOWS\system32\rlxbshsa.exe
2006-07-25 00:17 17750 --a------ C:\WINDOWS\system32\lomufrqg.exe
2006-07-25 00:14 -------- d-------- C:\Program Files\NetMeeting
2006-07-25 00:10 -------- d-------- C:\Program Files\Outlook Express
2006-07-25 00:10 -------- d-------- C:\Program Files\Common Files\System
2006-07-25 00:09 65556 --a------ C:\WINDOWS\system32\xxsimebw.exe
2006-07-25 00:09 17750 --a------ C:\WINDOWS\system32\vtiuxaed.exe
2006-07-25 00:09 -------- d-------- C:\Program Files\Messenger
2006-07-23 23:35 17750 --a------ C:\WINDOWS\system32\fgbqavtt.exe
2006-07-23 18:18 17750 --a------ C:\WINDOWS\system32\npwxbsox.exe
2006-07-23 14:56 17750 --a------ C:\WINDOWS\system32\fdnrirbc.exe
2006-07-23 14:42 17750 --a------ C:\WINDOWS\system32\goemrqbt.exe
2006-07-22 20:26 17750 --a------ C:\WINDOWS\system32\mwlkywar.exe
2006-07-22 19:08 17750 --a------ C:\WINDOWS\system32\ujlrcmcs.exe
2006-07-22 17:22 17750 --a------ C:\WINDOWS\system32\cxechfek.exe
2006-07-22 16:33 -------- d-------- C:\Program Files\Acoustica MP3 Audio Mixer
2006-07-22 14:12 17750 --a------ C:\WINDOWS\system32\kqidjqlf.exe
2006-07-22 13:57 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-07-22 13:57 -------- d-------- C:\Program Files\Common Files\Designer
2006-07-22 13:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-22 13:50 -------- d-------- C:\Program Files\Microsoft Office
2006-07-22 13:50 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Microsoft Web Folders
2006-07-22 13:47 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-22 12:50 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-07-22 02:46 17750 --a------ C:\WINDOWS\system32\psupkhpu.exe
2006-07-22 02:01 17750 --a------ C:\WINDOWS\system32\rbeayfjm.exe
2006-07-21 13:59 17750 --a------ C:\WINDOWS\system32\xawsvpty.exe
2006-07-21 01:25 17750 --a------ C:\WINDOWS\system32\gynlvkbr.exe
2006-07-20 21:57 17750 --a------ C:\WINDOWS\system32\rmwaswmr.exe
2006-07-20 19:27 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\IGN_DLM
2006-07-20 19:26 -------- d-------- C:\Program Files\IGN
2006-07-17 00:16 -------- d-------- C:\Program Files\Steam
2006-07-11 21:55 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-07-11 21:47 -------- d-------- C:\Program Files\Ubisoft
2006-07-11 15:43 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-07-11 15:41 -------- d-------- C:\Program Files\Futuremark
2006-07-10 19:04 -------- d-------- C:\Program Files\Bethesda Softworks
2006-07-10 19:02 -------- d-------- C:\Program Files\WinRAR
2006-07-07 20:18 -------- d-------- C:\Program Files\EPSON
2006-07-07 19:41 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\FarStone
2006-06-30 19:12 -------- d-------- C:\Program Files\Silicon Image
2006-06-30 19:08 -------- d-------- C:\Program Files\Marvell
2006-06-29 02:20 -------- d-------- C:\Program Files\DivX
2006-06-27 14:23 -------- d-------- C:\Program Files\Lavasoft
2006-06-27 14:23 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Lavasoft
2006-06-27 14:21 -------- d-------- C:\Program Files\Alwil Software
2006-06-27 01:22 -------- d-------- C:\Program Files\QuickTime
2006-06-27 01:22 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Apple Computer
2006-06-22 22:46 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-06-17 23:11 737280 --a------ C:\WINDOWS\iun6002.exe
2006-06-17 23:06 62 --ahs---- C:\Documents and Settings\Yusuf\Application Data\desktop.ini
2006-06-17 22:24 0 -rahs---- C:\MSDOS.SYS
2006-06-17 22:24 0 -rahs---- C:\IO.SYS
2006-06-17 22:24 0 --a------ C:\CONFIG.SYS
2006-06-17 22:24 0 --a------ C:\AUTOEXEC.BAT
2006-06-15 22:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 22:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 22:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 22:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 18:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 20:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundMan"="SOUNDMAN.EXE"
"RAMDrive"="\"C:\\Program Files\\FarStone\\VirtualDrive\\VHD\\RDTask.exe\" /AutoRestore"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveAutoRun"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ASUS SmartDoctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartDoctor"
"hkey"="HKCU"
"command"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GameFace Messenger]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameFace"
"hkey"="HKLM"
"command"="C:\\Program Files\\GameFace Messenger\\GameFace.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Program Files\\TClock\\tclock_install.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32


Completion time: 27/08/2006 18:20:49.64
ComboFix.txt
Rawe
Junior Member
27. August 2006 @ 10:13
Please download Killbox: http://www.downloads.subratam.org/KillBox.zip

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
Then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\xwgyckxx.exe
C:\WINDOWS\system32\smyskrgv.exe
C:\WINDOWS\system32\hyniprlw.exe
C:\WINDOWS\system32\affv208325p1now.sys
C:\WINDOWS\system32\amxnjitj.exe
C:\WINDOWS\system32\svhroaop.exe
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\culosusu.exe
C:\WINDOWS\system32\nyjiuela.exe
C:\WINDOWS\system32\nhwlrkak.exe
C:\WINDOWS\system32\thenldwb.exe
C:\WINDOWS\system32\ceqghskb.exe
C:\WINDOWS\system32\kydbrgvp.exe
C:\WINDOWS\system32\anlnyjws.exe
C:\WINDOWS\system32\edynrctq.exe
C:\WINDOWS\system32\kfstjrns.exe
C:\WINDOWS\system32\prfuoqsr.exe
C:\WINDOWS\system32\wvyginwe.exe
C:\WINDOWS\system32\vhugclvy.exe
C:\WINDOWS\system32\daqwvjav.exe
C:\WINDOWS\system32\pdvvousm.exe
C:\WINDOWS\system32\ctmuojof.exe
C:\WINDOWS\system32\jlattwpm.exe
C:\WINDOWS\system32\kvwwhico.exe
C:\WINDOWS\system32\eyhthayk.exe
C:\WINDOWS\system32\pxxnjsin.exe
C:\WINDOWS\system32\ywrlmwxx.exe
C:\WINDOWS\system32\ijogddkf.exe
C:\WINDOWS\system32\rlxbshsa.exe
C:\WINDOWS\system32\lomufrqg.exe
C:\WINDOWS\system32\xxsimebw.exe
C:\WINDOWS\system32\vtiuxaed.exe
C:\WINDOWS\system32\fgbqavtt.exe
C:\WINDOWS\system32\npwxbsox.exe
C:\WINDOWS\system32\fdnrirbc.exe
C:\WINDOWS\system32\goemrqbt.exe
C:\WINDOWS\system32\mwlkywar.exe
C:\WINDOWS\system32\ujlrcmcs.exe
C:\WINDOWS\system32\cxechfek.exe
C:\WINDOWS\system32\kqidjqlf.exe
C:\WINDOWS\system32\psupkhpu.exe
C:\WINDOWS\system32\rbeayfjm.exe
C:\WINDOWS\system32\xawsvpty.exe
C:\WINDOWS\system32\gynlvkbr.exe
C:\WINDOWS\system32\rmwaswmr.exe
C:\WINDOWS\system32\rmocx.dll
C:\WINDOWS\iun6002.exe



Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe to download and run missingfilesetup.exe. Then try Killbox again.

----

Surf here: www.virustotal.com

To the blank field next to the "Browse" button, paste this:

C:\WINDOWS\system32\drivers\sptd3021.sys

Hit "Send". Be patient until it starts scanning. Paste the results once all the scanners have finished.

----

Post back with the virustotal results and a fresh HijackThis log :)

Proud member of
since 2005.


a226a
Newbie
27. August 2006 @ 15:02
Complete scanning result of "sptd3021.sys_", received in VirusTotal at 08.28.2006, 00:57:25 (CET).

Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
packers: ZIP
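
Added example (not part of the thread): the file size, MD5 and SHA1 in the result above are those of zero-length input, so the "no virus found" rows describe an empty upload rather than the contents of sptd3021.sys. The Python check below parses a pasted result of this shape and flags that case; the sample text is an excerpt constructed from the post, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample: an excerpt of the VirusTotal result pasted in this thread.
SAMPLE_REPORT = """\
Antivirus Version Update Result
AntiVir n - no virus found
Kaspersky n - no virus found
Symantec n - no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Digests of zero bytes of input; a report carrying these scanned nothing.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
}


def parse_report(text):
    """Split a pasted result into sample metadata and per-engine verdicts."""
    meta, verdicts = {}, {}
    for line in text.splitlines():
        m = re.match(r"File size:\s*(\d+)\s*bytes", line, re.IGNORECASE)
        if m:
            meta["size"] = int(m.group(1))
            continue
        m = re.match(r"(MD5|SHA1):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            meta[m.group(1).lower()] = m.group(2).lower()
            continue
        m = re.match(r"(\S+) \S+ - (.+)$", line)  # "<engine> <version> - <result>"
        if m:
            verdicts[m.group(1)] = m.group(2)
    return meta, verdicts


def assess(text):
    """Decide whether the engine verdicts say anything about the intended file."""
    meta, verdicts = parse_report(text)
    reasons = []
    if not meta:
        reasons.append("no file size or hash to verify")
    if meta.get("size") == 0:
        reasons.append("file size is 0 bytes")
    for algo, digest in EMPTY_DIGESTS.items():
        if meta.get(algo) == digest:
            reasons.append(f"{algo.upper()} is the digest of empty input")
    return {"usable": not reasons, "reasons": reasons, "engines": len(verdicts)}


if __name__ == "__main__":
    print(assess(SAMPLE_REPORT))
```

When the result is flagged, the engine rows carry no information about the driver; a locked file has to be copied or submitted from an offline environment before a scan result can be trusted.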
a226a
Newbie
27. August 2006 @ 18:44
sorry forgot the hijack this part...
Logfile of HijackThis v1.99.1
Scan saved at 03:44:12, on 28/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Yusuf\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Rawe
Junior Member
28. August 2006 @ 03:17
Hi again, please run a scan with HijackThis and check the following objects for removal:

O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

----

Please follow the instructions here fully and post back with the Ewido results.

http://rstones12.geekstogo.com/ewidosetup.htm :)

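
Added example (not part of the thread): the HijackThis log above marks five entries "(file missing)", but the two avast! services also appear under "Running processes", and their path strings carry a stray quote and a /service argument. The Python sketch below, with hypothetical function names and a sample constructed from lines of that log, separates missing-file entries contradicted by the process list from those that remain candidates for review.

```python
import re

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# An entry line that HijackThis tagged as pointing at a missing file.
ENTRY = re.compile(r"^(O\d+) - (.+?) \(file missing\)\s*$")
# The binary path at the start of the target field, ignoring quotes and arguments.
BINARY = re.compile(r'"?([^"]+?\.(?:exe|dll|sys|ocx))', re.IGNORECASE)


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            if procs:  # the blank line after the list ends the block
                break
        elif in_block:
            procs.add(line.lower())
    return procs


def triage_missing(log_text):
    """Classify every '(file missing)' entry as 'artifact' or 'review'.

    'artifact': the same path is a running process, so the file exists and the
    tag most likely comes from how the path string was parsed (an assumption).
    'review': nothing in the log contradicts the tag. DLLs never appear in the
    process list, so for them this means unconfirmed, not proven absent.
    """
    procs = running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        target = body.rsplit(" - ", 1)[-1]  # last field is the file reference
        b = BINARY.match(target)
        path = b.group(1) if b else target
        verdict = "artifact" if path.lower() in procs else "review"
        findings.append((section, path, verdict))
    return findings


if __name__ == "__main__":
    for section, path, verdict in triage_missing(SAMPLE_LOG):
        print(f"{verdict:8} {section:4} {path}")
```

On the sample, the two "review" results are the O2 and O20 entries that the reply above selects for removal.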


a226a
Newbie
28. August 2006 @ 05:35
I'm guessing you only want a registry scan, if I'm wrong I will do it again...

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:35:04 28/08/2006

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.


::Report end
Rawe
Junior Member
28. August 2006 @ 06:03
Did you read the instructions at all????

See THIS step for reference (you didn't seem to set Ewido to quarantine any of its findings):

Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

See this step for reference (once you have followed the instructions to the point where to run the scan...........):

Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".

Be sure you do THIS step:

If you have any infections you will be prompted, then select "Apply all actions" (Make sure the recommended course of action is set to QUARANTINE by changing that setting as described above). :)



a226a
Newbie
28. August 2006 @ 06:10
sorry :(

I will do it now
a226a
Newbie
28. August 2006 @ 09:49
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:44:06 28/08/2006

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxvsro.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddcyv.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
E:\scottball is nang\xp user\Desktop\crap archive\Crap 7\Read It NOW!!!.hta -> Downloader.Inor.cj : Cleaned with backup (quarantined).
E:\scottball is nang\xp user\Desktop\crap archive\crap4\MsgPlus-254.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
C:\VundoFix Backups\blwjdcho.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\csrousgd.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\fgjdxlac.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\gybldfey.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\hvfjekjm.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\ufbbsirx.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\uoxyxhkh.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\!KillBox\amxnjitj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\culosusu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\hyniprlw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\nhwlrkak.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\nyjiuela.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\smyskrgv.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\svhroaop.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\thenldwb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\xwgyckxx.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\!KillBox\cxechfek.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\fdnrirbc.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\fgbqavtt.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\goemrqbt.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\gynlvkbr.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\ijogddkf.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\kqidjqlf.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\lomufrqg.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\mwlkywar.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\npwxbsox.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\psupkhpu.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\pxxnjsin.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\rbeayfjm.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\rlxbshsa.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\rmwaswmr.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\ujlrcmcs.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\vtiuxaed.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\xawsvpty.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\xxsimebw.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\ywrlmwxx.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\VundoFix Backups\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\!KillBox\daqwvjav.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\!KillBox\wvyginwe.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\bkdanpmk.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\gwvrspkd.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\uydafyfp.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).


::Report end
Rawe
Junior Member
28. August 2006 @ 10:38
How's the system running? :)



a226a
Newbie
28. August 2006 @ 10:44
seems to be fine now

thanks

everything sorted, no more steps?
Rawe
Junior Member
29. August 2006 @ 01:02
Well, Java update is always wise to do....

Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
Search the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
It should have the following icon next to it:

Select it and click Remove.
Now please install the latest update manually.
Remember to reboot the computer after updating:

http://java.sun.com/javase/downloads/index.jsp

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

Downloaded Applets
Downloaded Applications
Other Files


Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

See Tony Klein's great article "So how did I get infected in the first place?": http://castlecops.com/postlite7736-.html

:)



This message has been edited since posting. Last time this message was edited on 29. August 2006 @ 01:03
