Hi, this common problem seems to have struck me down, this is the log... thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 00:38:15, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Yusuf\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Go here http://www.atribune.org/ccount/click.php?id=4 download VundoFix.exe to your desktop.
Open VundoFix.exe
Put a check next to Run VundoFix as a task.
Prompt about close and reopen. Click OK.
After reopen, click Scan for Vundo.
When finished, click Remove Vundo.
Prompt - remove. Click OK.
Your desktop will go blank as it starts removal.
Prompt for shutdown. Click OK.
Post new HijackThis log along with C:\vundofix.txt.
Niobis -- just to note, it's an old canned actually VundoFix 6 has new instructions.

Please download Vundofix.exe to your desktop http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.7
Scan started at 03:38:56 27/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.tmp
C:\WINDOWS\system32\bkdanpmk.exe
C:\WINDOWS\system32\blwjdcho.exe
C:\WINDOWS\system32\csrousgd.exe
C:\WINDOWS\system32\fgjdxlac.exe
C:\WINDOWS\system32\gwvrspkd.exe
C:\WINDOWS\system32\gybldfey.exe
C:\WINDOWS\system32\hvfjekjm.exe
C:\WINDOWS\system32\ufbbsirx.exe
C:\WINDOWS\system32\uoxyxhkh.exe
C:\WINDOWS\system32\uydafyfp.exe
C:\WINDOWS\System32\Drivers\DP.sys
Beginning removal...
Attempting to delete C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\byxvsro.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.tmp
C:\WINDOWS\system32\vycdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\bkdanpmk.exe
C:\WINDOWS\system32\bkdanpmk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\blwjdcho.exe
C:\WINDOWS\system32\blwjdcho.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\csrousgd.exe
C:\WINDOWS\system32\csrousgd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fgjdxlac.exe
C:\WINDOWS\system32\fgjdxlac.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gwvrspkd.exe
C:\WINDOWS\system32\gwvrspkd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gybldfey.exe
C:\WINDOWS\system32\gybldfey.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvfjekjm.exe
C:\WINDOWS\system32\hvfjekjm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ufbbsirx.exe
C:\WINDOWS\system32\ufbbsirx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uoxyxhkh.exe
C:\WINDOWS\system32\uoxyxhkh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uydafyfp.exe
C:\WINDOWS\system32\uydafyfp.exe Has been deleted!
Attempting to delete C:\WINDOWS\System32\Drivers\DP.sys
C:\WINDOWS\System32\Drivers\DP.sys Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.7
Scan started at 03:43:24 27/08/2006
Listing files found while scanning....

VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.7
Scan started at 04:14:59 27/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddcyv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...

VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.7
Scan started at 15:48:17 27/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.7
Scan started at 15:55:04 27/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddcyv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Performing Repairs to the registry.
Done!

hijack this...

Logfile of HijackThis v1.99.1
Scan saved at 17:42:48, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\{5CCD58F2-08A2-2057-0623-05030806002c}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinampI\winamp.exe
C:\WINDOWS\System32\CTPdeSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Yusuf\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Download http://download.bleepingcomputer.com/sUBs/combofix.exe to your desktop.
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Yusuf - 06-08-27 18:18:39.04 ComboFix 06.08.26BT - Running from: C:\Documents and Settings\Yusuf\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\{5CCD58F2-08A2-2057-0623-05030806002c}

((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))

2006-08-27 04:16 13,844 --a------ C:\WINDOWS\system32\xwgyckxx.exe
2006-08-26 23:15 106,496 --a------ C:\WINDOWS\system32\atl71.dll
2006-08-26 14:28 13,844 --a------ C:\WINDOWS\system32\smyskrgv.exe
2006-08-26 01:16 13,844 --a------ C:\WINDOWS\system32\hyniprlw.exe
2006-08-25 17:06 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2006-08-25 14:12 13,844 --a------ C:\WINDOWS\system32\amxnjitj.exe
2006-08-24 22:00 13,844 --a------ C:\WINDOWS\system32\svhroaop.exe
2006-08-24 21:55 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2006-08-24 21:52 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2006-08-24 21:52 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2006-08-24 15:19 13,844 --a------ C:\WINDOWS\system32\culosusu.exe
2006-08-23 20:18 13,844 --a------ C:\WINDOWS\system32\nyjiuela.exe
2006-08-22 09:04 13,844 --a------ C:\WINDOWS\system32\nhwlrkak.exe
2006-08-21 19:06 13,844 --a------ C:\WINDOWS\system32\thenldwb.exe
2006-08-18 00:08 2,580 --a------ C:\WINDOWS\system32\ceqghskb.exe
2006-08-17 15:15 2,580 --a------ C:\WINDOWS\system32\kydbrgvp.exe
2006-08-17 03:32 2,580 --a------ C:\WINDOWS\system32\anlnyjws.exe
2006-08-17 02:45 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-16 23:35 2,580 --a------ C:\WINDOWS\system32\edynrctq.exe
2006-08-16 18:29 2,580 --a------ C:\WINDOWS\system32\kfstjrns.exe
2006-08-15 01:43 2,580 --a------ C:\WINDOWS\system32\prfuoqsr.exe
2006-08-15 01:43 12,308 --a------ C:\WINDOWS\system32\wvyginwe.exe
2006-08-15 00:47 2,580 --a------ C:\WINDOWS\system32\vhugclvy.exe
2006-08-15 00:47 12,308 --a------ C:\WINDOWS\system32\daqwvjav.exe
2006-08-13 22:43 2,580 --a------ C:\WINDOWS\system32\pdvvousm.exe
2006-08-13 18:26 2,580 --a------ C:\WINDOWS\system32\ctmuojof.exe
2006-08-13 00:48 2,580 --a------ C:\WINDOWS\system32\jlattwpm.exe
2006-08-12 13:46 2,580 --a------ C:\WINDOWS\system32\kvwwhico.exe
2006-08-11 22:22 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-10 22:35 2,580 --a------ C:\WINDOWS\system32\eyhthayk.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-27 18:20 -------- d-------- C:\Program Files\Common Files
2006-08-27 17:41 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 03:08 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\uTorrent
2006-08-26 16:17 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\CyberLink
2006-08-26 16:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-26 16:16 -------- d-------- C:\Program Files\CyberLink
2006-08-25 16:54 -------- d-------- C:\Program Files\Audible
2006-08-24 22:10 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Creative
2006-08-24 21:51 -------- d-------- C:\Program Files\Creative
2006-08-24 21:50 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 16:01 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\AdobeUM
2006-08-12 01:33 -------- d---s---- C:\Documents and Settings\Yusuf\Application Data\Microsoft
2006-08-11 22:49 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-11 22:49 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-11 22:46 90240 --a------ C:\WINDOWS\system32\drivers\sptd3021.sys
2006-08-11 22:46 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-11 22:17 -------- d-------- C:\Program Files\Rockstar Games
2006-08-11 18:58 -------- d-------- C:\Program Files\Soulseek
2006-08-09 23:11 -------- d-------- C:\Program Files\Sony Ericsson
2006-08-08 17:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 16:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 16:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 16:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 16:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-04 02:07 -------- d-------- C:\Program Files\Graal
2006-08-04 01:03 -------- d-------- C:\Program Files\Opera
2006-08-04 01:03 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Opera
2006-07-26 12:49 65556 --a------ C:\WINDOWS\system32\pxxnjsin.exe
2006-07-25 23:13 65556 --a------ C:\WINDOWS\system32\ywrlmwxx.exe
2006-07-25 20:57 65556 --a------ C:\WINDOWS\system32\ijogddkf.exe
2006-07-25 17:16 -------- d-------- C:\Program Files\WinampI
2006-07-25 00:17 65556 --a------ C:\WINDOWS\system32\rlxbshsa.exe
2006-07-25 00:17 17750 --a------ C:\WINDOWS\system32\lomufrqg.exe
2006-07-25 00:14 -------- d-------- C:\Program Files\NetMeeting
2006-07-25 00:10 -------- d-------- C:\Program Files\Outlook Express
2006-07-25 00:10 -------- d-------- C:\Program Files\Common Files\System
2006-07-25 00:09 65556 --a------ C:\WINDOWS\system32\xxsimebw.exe
2006-07-25 00:09 17750 --a------ C:\WINDOWS\system32\vtiuxaed.exe
2006-07-25 00:09 -------- d-------- C:\Program Files\Messenger
2006-07-23 23:35 17750 --a------ C:\WINDOWS\system32\fgbqavtt.exe
2006-07-23 18:18 17750 --a------ C:\WINDOWS\system32\npwxbsox.exe
2006-07-23 14:56 17750 --a------ C:\WINDOWS\system32\fdnrirbc.exe
2006-07-23 14:42 17750 --a------ C:\WINDOWS\system32\goemrqbt.exe
2006-07-22 20:26 17750 --a------ C:\WINDOWS\system32\mwlkywar.exe
2006-07-22 19:08 17750 --a------ C:\WINDOWS\system32\ujlrcmcs.exe
2006-07-22 17:22 17750 --a------ C:\WINDOWS\system32\cxechfek.exe
2006-07-22 16:33 -------- d-------- C:\Program Files\Acoustica MP3 Audio Mixer
2006-07-22 14:12 17750 --a------ C:\WINDOWS\system32\kqidjqlf.exe
2006-07-22 13:57 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-07-22 13:57 -------- d-------- C:\Program Files\Common Files\Designer
2006-07-22 13:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-22 13:50 -------- d-------- C:\Program Files\Microsoft Office
2006-07-22 13:50 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Microsoft Web Folders
2006-07-22 13:47 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-22 12:50 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-07-22 02:46 17750 --a------ C:\WINDOWS\system32\psupkhpu.exe
2006-07-22 02:01 17750 --a------ C:\WINDOWS\system32\rbeayfjm.exe
2006-07-21 13:59 17750 --a------ C:\WINDOWS\system32\xawsvpty.exe
2006-07-21 01:25 17750 --a------ C:\WINDOWS\system32\gynlvkbr.exe
2006-07-20 21:57 17750 --a------ C:\WINDOWS\system32\rmwaswmr.exe
2006-07-20 19:27 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\IGN_DLM
2006-07-20 19:26 -------- d-------- C:\Program Files\IGN
2006-07-17 00:16 -------- d-------- C:\Program Files\Steam
2006-07-11 21:55 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-07-11 21:47 -------- d-------- C:\Program Files\Ubisoft
2006-07-11 15:43 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-07-11 15:41 -------- d-------- C:\Program Files\Futuremark
2006-07-10 19:04 -------- d-------- C:\Program Files\Bethesda Softworks
2006-07-10 19:02 -------- d-------- C:\Program Files\WinRAR
2006-07-07 20:18 -------- d-------- C:\Program Files\EPSON
2006-07-07 19:41 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\FarStone
2006-06-30 19:12 -------- d-------- C:\Program Files\Silicon Image
2006-06-30 19:08 -------- d-------- C:\Program Files\Marvell
2006-06-29 02:20 -------- d-------- C:\Program Files\DivX
2006-06-27 14:23 -------- d-------- C:\Program Files\Lavasoft
2006-06-27 14:23 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Lavasoft
2006-06-27 14:21 -------- d-------- C:\Program Files\Alwil Software
2006-06-27 01:22 -------- d-------- C:\Program Files\QuickTime
2006-06-27 01:22 -------- d-------- C:\Documents and Settings\Yusuf\Application Data\Apple Computer
2006-06-22 22:46 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-06-17 23:11 737280 --a------ C:\WINDOWS\iun6002.exe
2006-06-17 23:06 62 --ahs---- C:\Documents and Settings\Yusuf\Application Data\desktop.ini
2006-06-17 22:24 0 -rahs---- C:\MSDOS.SYS
2006-06-17 22:24 0 -rahs---- C:\IO.SYS
2006-06-17 22:24 0 --a------ C:\CONFIG.SYS
2006-06-17 22:24 0 --a------ C:\AUTOEXEC.BAT
2006-06-15 22:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 22:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 22:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 22:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 18:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 20:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-01 19:09 208896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundMan"="SOUNDMAN.EXE"
"RAMDrive"="\"C:\\Program Files\\FarStone\\VirtualDrive\\VHD\\RDTask.exe\" /AutoRestore"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveAutoRun"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ASUS SmartDoctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartDoctor"
"hkey"="HKCU"
"command"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GameFace Messenger]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameFace"
"hkey"="HKLM"
"command"="C:\\Program Files\\GameFace Messenger\\GameFace.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Program Files\\TClock\\tclock_install.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32

Completion time: 27/08/2006 18:20:49.64
ComboFix.txt
Please [bold]download[/bold] the http://www.downloads.subratam.org/KillBox.zip. [bold]Note[/bold]:[bold] In the event you already have Killbox, this is a new version that I need you to download[/bold]. [bold]Save[/bold] it to your [bold]desktop[/bold]. Please double-click [bold]Killbox.exe[/bold] to run it. Select: [bold]Delete on Reboot[/bold] Then [bold]Click[/bold] on the [bold]All Files[/bold] button. Please [bold]copy the file paths below to the clipboard[/bold] by highlighting [bold]ALL[/bold] of them and [bold]pressing CTRL + C[/bold] (or, after highlighting, right-click and choose copy): Return to Killbox, go to the [bold]File[/bold] menu, and choose [bold]Paste from Clipboard[/bold]. Click the red-and-white [bold]Delete File[/bold] button. Click [bold]Yes[/bold] at the Delete on Reboot prompt. Click [bold]OK[/bold] at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). [bold]If your computer does not restart automatically, please restart it manually[/bold]. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe to download and run missingfilesetup.exe. Then try Killbox again. ---- Surf here: www.virustotal.com To the blank field next to the "Browse" button, paste this: [bold]C:\WINDOWS\system32\drivers\sptd3021.sys[/bold] Hit "Send". Be patient until it starts scanning. Paste the results once all the scanners have finished. ---- Post back with the virustotal results and a fresh HijackThis log
Complete scanning result of "sptd3021.sys_", received in VirusTotal at 08.28.2006, 00:57:25 (CET). Antivirus Version Update Result AntiVir n - no virus found Authentium n - no virus found Avast n - no virus found AVG n - no virus found BitDefender n - no virus found CAT-QuickHeal n - no virus found ClamAV n - no virus found DrWeb n - no virus found eTrust-InoculateIT n - no virus found eTrust-Vet n - no virus found Ewido n - no virus found Fortinet n - no virus found F-Prot n - no virus found F-Prot4 n - no virus found Ikarus n - no virus found Kaspersky n - no virus found McAfee n - no virus found Microsoft n - no virus found NOD32v2 n - no virus found Norman n - no virus found Panda n - no virus found Sophos n - no virus found Symantec n - no virus found TheHacker n - no virus found UNA n - no virus found VBA32 n - no virus found VirusBuster n - no virus found Aditional Information File size: 0 bytes MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 packers: ZIP
sorry forgot the hijack this part... Logfile of HijackThis v1.99.1 Scan saved at 03:44:12, on 28/08/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Hi again, please run a scan with HijackThis and check the following objects for removal: [bold]O2 - BHO: (no name) - {5C7E8A14-AF98-4F76-AD93-69AD1DC13169} - C:\WINDOWS\System32\ddcyv.dll (file missing) O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)[/bold] Now close ALL other open windows except for HijackThis and hit [bold]FIX CHECKED.[/bold] Exit HijackThis. ---- Please follow the instructions here fully and post back with the Ewido results. http://rstones12.geekstogo.com/ewidosetup.htm
I'm guessing you only want a registry scan, if I'm wrong I will do it again... --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 14:35:04 28/08/2006 + Scan result: HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken. HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken. HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken. ::Report end
Did you read the instructions at all???? See THIS step for reference (you didn't seem to set Ewido to quarantine any of its findings): Once in the Settings screen click on "[bold]Recommended actions[/bold]" and then select "[bold]Quarantine[/bold]". See this step for reference (once you have followed the instructions to the point where to run the scan...........): Select the "[bold]Scanner[/bold]" icon at the top and then the "[bold]Scan[/bold]" tab then click on "[bold]Complete System Scan[/bold]". Be sure you do THIS step: If you have any infections you will be prompted, then select "[bold]Apply all actions[/bold]" (Make sure the recommended course of action is set to QUARANTINE by changing that setting as described above).
--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 18:44:06 28/08/2006 + Scan result: ::Report end
Well, Java update is always wise to do.... Go to [bold]Start[/bold] > [bold]Control Panel[/bold] double-click on the [bold]Software[/bold] icon > Add/Remove Programs. Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... ) It should have next icon next to it: Select it and click Remove. Now please [bold]install the latest update[/bold] manually.. Note to [bold]reboot[/bold] the computer after updating: http://java.sun.com/javase/downloads/index.jsp After the reboot, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the [bold]Delete Files[/bold] button. There are three options in the window to clear the cache - [bold]Leave ALL 3 Checked[/bold] [bold]Downloaded Applets Downloaded Applications Other Files[/bold] Click OK on Delete Temporary Files Window [bold]Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.[/bold] Click OK to leave the Java Control Panel. See Tony Klein's great article "So how did I get infected in the first place?": http://castlecops.com/postlite7736-.html