Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

.msi Infected

Started by DSTAR002 , Feb 24 2009 07:55 PM

  • Please log in to reply

#1
DSTAR002
Posted 24 February 2009 - 07:55 PM

DSTAR002

    New Member

  • Member
  • Pip
  • 1 posts
Hi please help... Recently i got a Trojan w32 Proxy virus on my laptop with Windows Vista, i tried to clean it, and i thought i was successful but when i transfer d data to my Desktop XP PC it came along, problem is that i dont pick it up with any spyware removal programs, only Symantec End Point picks it up as a Virut virus, Last week i formatted windows more then 23 times, trying different solutions from different Forums, Only problem that i now have left is that my End Point was partial removed or disabled and i cant install any .MSI files... I ran a HiJack Scan and a Combo Fix here is the results I got

HiJack...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:32 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Need for Speed™ Undercover Registration.lnk = E:\Installes games\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Global Startup: Dashboard Launcher.lnk = ?
O4 - Global Startup: iBurst_Terminal UTL.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3433136C-D040-4A99-8D9C-09880398CE97}: NameServer = 196.30.31.193 196.7.0.138
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 4904 bytes




COMBO FIX...

ComboFix 09-02-24.02 - STEVE 2009-02-24 14:31:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1575 [GMT -8:00]
Running from: c:\documents and settings\STEVE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\STEVE\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*
FW: Symantec Endpoint Protection *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-24 14:21 . 2009-02-24 14:22 <DIR> d-------- c:\program files\NoAdware
2009-02-24 14:12 . 2009-02-24 14:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 14:12 . 2009-02-24 14:12 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Malwarebytes
2009-02-24 14:12 . 2009-02-24 14:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 14:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 14:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:43 . 2009-02-24 13:43 <DIR> d-------- c:\program files\MSECACHE
2009-02-24 12:37 . 2008-08-15 10:30 78,848 --a--c--- c:\windows\system32\dllcache\msiexec.exe
2009-02-24 11:44 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-02-24 11:44 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-02-24 11:44 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-02-24 11:44 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-02-24 11:44 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-02-24 11:44 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-02-24 11:44 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-02-24 11:21 . 2009-02-24 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2009-02-22 21:51 . 2009-02-22 21:51 <DIR> d-------- c:\program files\Symantec
2009-02-22 21:51 . 2009-02-24 13:09 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-02-22 21:51 . 2009-02-24 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-22 21:51 . 2007-03-21 20:39 1,060,864 --a------ c:\windows\system32\MFC71.DLL
2009-02-22 21:51 . 2007-03-21 20:33 503,808 --a------ c:\windows\system32\MSVCP71.DLL
2009-02-22 21:51 . 2009-02-22 21:51 136,496 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 21:51 . 2007-12-18 19:06 91,008 --a------ c:\windows\system32\drivers\SysPlant.sys
2009-02-22 21:51 . 2009-02-22 21:51 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-22 21:51 . 2009-02-22 21:51 10,652 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 21:51 . 2009-02-22 21:51 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 21:36 . 2009-02-22 21:39 <DIR> d-------- c:\documents and settings\STEVE\Application Data\dvdcss
2009-02-22 14:37 . 2009-02-24 07:07 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-22 14:37 . 2009-02-24 07:07 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-22 14:37 . 2009-02-24 02:27 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-02-22 14:36 . 2009-02-22 14:36 <DIR> dr-h----- c:\documents and settings\STEVE\Application Data\SecuROM
2009-02-22 14:36 . 2009-02-22 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-22 14:34 . 2009-02-22 14:34 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-22 14:34 . 2009-02-22 14:34 <DIR> d-------- c:\documents and settings\STEVE\Application Data\vlc
2009-02-22 14:34 . 2009-02-22 14:34 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Leadertech
2009-02-22 14:11 . 2009-02-22 22:52 <DIR> d-------- c:\program files\DAEMON Tools
2009-02-22 14:11 . 2009-02-22 14:11 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-02-22 14:10 . 2009-02-22 14:10 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-22 14:10 . 2009-02-22 14:10 96,256 --a------ c:\windows\system32\drivers\sptd1293.sys
2009-02-22 13:01 . 2009-02-22 13:01 0 --a------ c:\windows\nsreg.dat
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\VideoLAN
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Media Player Classic
2009-02-22 12:20 . 2009-02-22 12:20 <DIR> d-------- c:\documents and settings\STEVE\Application Data\iBurst
2009-02-22 12:18 . 2009-02-22 12:18 <DIR> d-------- c:\program files\iBurst Terminal
2009-02-22 12:18 . 2006-03-29 03:25 37,362 --a------ c:\windows\system32\drivers\iBurstu.sys
2009-02-22 12:17 . 2009-02-22 12:17 <DIR> d-------- c:\program files\iBurst Dashboard V2
2009-02-22 12:16 . 2009-02-22 12:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-22 12:13 . 2009-02-22 12:13 <DIR> d-------- c:\windows\nview
2009-02-22 12:13 . 2008-05-16 10:31 446,464 --a------ c:\windows\system32\nvudisp.exe
2009-02-22 12:13 . 2009-02-24 14:35 186,097 --a------ c:\windows\system32\nvapps.xml
2009-02-22 12:13 . 2008-05-16 10:31 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-02-22 12:10 . 2009-02-22 12:10 <DIR> d-------- c:\program files\Analog Devices
2009-02-22 12:10 . 2001-09-11 15:20 1,285,632 --------- c:\windows\system32\SMMedia.dll
2009-02-22 12:10 . 2001-09-20 05:47 765,952 -ra------ c:\windows\system\crlds3d.dll
2009-02-22 12:10 . 2005-10-11 08:07 393,088 -ra------ c:\windows\system32\drivers\senfilt.sys
2009-02-22 12:10 . 2005-10-06 09:21 141,312 -ra------ c:\windows\system32\drivers\ADIHdAud.sys
2009-02-22 12:10 . 2005-03-05 12:53 127,872 -ra------ c:\windows\system32\drivers\aeaudio.sys
2009-02-22 12:10 . 2003-08-20 11:36 65,536 --a--c--- c:\windows\system32\dllcache\a3d.dll
2009-02-22 12:10 . 2003-08-20 11:36 65,536 -ra------ c:\windows\system32\a3d.dll
2009-02-22 12:10 . 2005-05-04 09:20 53,248 --------- c:\windows\system32\wdmioctl.dll
2009-02-22 12:10 . 2005-09-26 16:20 49,152 --------- c:\windows\system32\DSndUp.exe
2009-02-22 12:10 . 2002-04-17 15:05 45,056 --------- c:\windows\system32\CleanUp.exe
2009-02-22 12:10 . 2005-06-23 02:11 23,552 -ra------ c:\windows\system32\PostProc.dll
2009-02-22 12:08 . 2009-02-22 12:08 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-22 12:08 . 2009-02-22 12:08 <DIR> d-------- c:\program files\DIFX
2009-02-22 12:08 . 2004-02-27 00:00 962,612 --a------ c:\windows\system32\mfc42d.dll
2009-02-22 12:08 . 2004-02-17 00:00 434,252 --a------ c:\windows\system32\MSVCRTD.DLL
2009-02-22 12:08 . 2006-07-01 22:39 36,864 --a------ c:\windows\system32\drivers\AmdK8.sys
2009-02-22 12:07 . 2009-02-22 12:07 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-02-22 12:07 . 2009-02-22 12:07 1,024 --a------ C:\.rnd
2009-02-22 12:07 . 2009-02-22 12:07 22 --a------ c:\windows\FileName
2009-02-22 12:06 . 2009-02-24 11:21 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-22 12:06 . 2009-02-22 12:07 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-22 12:06 . 2009-02-22 12:08 <DIR> d-------- c:\program files\ASUS
2009-02-22 12:05 . 2009-02-22 12:05 16,918 --a------ c:\windows\Ascd_tmp.ini
2009-02-22 12:05 . 2006-10-10 11:33 10,288 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-22 12:03 . 2009-02-23 13:41 <DIR> d-------- c:\documents and settings\STEVE
2009-02-22 12:02 . 2009-02-22 12:02 <DIR> d---s---- c:\windows\system32\Microsoft
2009-02-22 12:02 . 2009-02-22 12:02 <DIR> d--hs---- c:\documents and settings\LocalService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 06:56 283,648 ----a-w c:\windows\winhlp32.exe
2009-02-23 06:55 538,624 ----a-w c:\windows\system32\spider.exe
2009-02-23 06:55 347,136 ----a-w c:\windows\system32\tourstart.exe
2009-02-23 06:55 180,224 ----a-w c:\windows\system32\dwwin.exe
2009-02-23 06:55 10,752 ----a-w c:\windows\hh.exe
2009-02-23 06:54 69,120 ----a-w c:\windows\system32\notepad.exe
2009-02-23 06:54 433,664 ----a-w c:\windows\system32\wiaacmgr.exe
2009-02-23 06:54 407,552 ----a-w c:\windows\system32\mstsc.exe
2009-02-23 06:54 126,976 ----a-w c:\windows\system32\mshearts.exe
2009-02-23 06:54 1,200,128 ----a-w c:\windows\system32\ntbackup.exe
2009-02-23 06:13 183,808 ----a-w c:\windows\system32\accwiz.exe
2009-02-23 06:13 103,936 ----a-w c:\windows\system32\logagent.exe
2009-02-23 05:57 5,632 ----a-w c:\windows\system32\winver.exe
2009-02-23 05:57 150,016 ----a-w c:\windows\system32\imapi.exe
2009-02-23 05:57 128,512 ----a-w c:\windows\system32\wuauclt.exe
2009-02-22 19:49 --------- d-----w c:\program files\microsoft frontpage
2009-01-21 04:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
.

------- Sigcheck -------

2009-02-22 21:57 128512 be9d54045749d3e08a33f93c9a8e15f3 c:\windows\system32\wuauclt.exe
2004-08-04 04:00 111104 4126d27cece4471e00e425411f7306b5 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

c:\documents and settings\STEVE\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - e:\installes games\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-23 4369408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dashboard Launcher.lnk - c:\windows\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe [2009-02-22 8192]
iBurst_Terminal UTL.lnk - c:\program files\iBurst Terminal\iBurst_Terminal_UTL.EXE [2009-02-22 311296]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

R3 iBurstu;iBurst Terminal;c:\windows\system32\drivers\iBurstu.sys [2009-02-22 37362]
S2 EraserSvc10824;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-11-09 108392]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
TCP: {3433136C-D040-4A99-8D9C-09880398CE97} = 196.30.31.193 196.7.0.138
FF - ProfilePath - c:\documents and settings\STEVE\Application Data\Mozilla\Firefox\Profiles\3kgbdjut.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 14:36:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1214440339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2e,45,bc,68,58,67,c5,e1,cf,3a,41,aa,dc,e3,77,92,e5,f3,71,f2,db,
ed,81,db,b8,48,67,73,ef,d3,dd,77,5a,60,f0,fe,bc,83,ef,52,46,73,e4,db,d7,e6,\
"rkeysecu"=hex:95,3a,d1,2b,af,9f,c5,1e,a6,8c,cd,da,30,eb,f8,c4
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\iBurst Dashboard V2\DashboardLauncher.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2009-02-24 14:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 22:37:25
ComboFix2.txt 2009-02-24 22:27:32

Pre-Run: 4,199,759,872 bytes free
Post-Run: 4,194,189,312 bytes free

199

Hope this can help you to PLEASE help me...
Thanx

Edited by DSTAR002, 24 February 2009 - 08:00 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP