AIM spy/malware - i need urgent help... [RESOLVED]


  • This topic is locked

#1
waxvax

i got a link thru AIM
http://funny.afz.biz...ile=checkit.jpg
and it appears to be an exec...
it has installed some ad/spy/malware
the funny thing: i have SCS 3.0, MS Antispyware and Spybot SD installed. and they didn't help...

Logfile of HijackThis v1.99.1
Scan saved at 10:57:28, on 2005-06-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\ntop-Win32\ntop.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nights.pl:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [strmsgms] aimstats.exe
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

#2
Guest_thatman_*

Hello

We are sorry for the delay in replying to your post. If you still need help, please post a current HijackThis.log.

Thank you

Kc :tazz:

#3
waxvax

Logfile of HijackThis v1.99.1
Scan saved at 09:04:46, on 2005-06-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\ntop-Win32\ntop.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nights.pl:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

i've tried to manage it by myself using hints from this forum, i've tried hijackthis, spybot sd and ad aware se, but it looks like the entry O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe comes back all the time, tho it stopped popping up ads. anyway i've noticed lowered performance of my machine

#4
Guest_thatman_*

Hi waxvax

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html Update the program then run it.

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed, go ahead with the next steps.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nights.pl:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;;localhost;<local>
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Click on Fix Checked when finished and exit HijackThis.

Run Ad-Aware SE and let it remove all it finds.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
c:\windows\system32\elitezxn32.exe
Let the system reboot.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. When the scan has finished, click the Close button.
When prompted, the system will log off to let it clean out the remaining files. When the log screen shows, log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
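Added example, not part of the original posts: a small Python parser for the HijackThis lines quoted in this thread that diffs two scans and reports any entry that was fixed but shows up again, which is the situation described for the [checkrun] entry. The sample lines are excerpted from the two logs in the thread; the function names are illustrative and the triage rules are review hints, not verdicts.

```python
import re
from typing import NamedTuple

# Lines excerpted from the two HijackThis logs in this thread. The letter case of
# the [checkrun] path in SCAN_2 is altered on purpose (constructed) to exercise
# the case-insensitive comparison.
SCAN_1 = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [strmsgms] aimstats.exe
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\System32\elitezxn32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""
# The entry the poster reports fixing before the second scan.
FIXED = r"O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R1 - ..."
O4_REG_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")      # name - owner - path


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "O23"
    body: str     # everything after "<section> - "

    @property
    def key(self):
        # Windows paths and registry names compare case-insensitively.
        return (self.section, " ".join(self.body.split()).casefold())


def parse_log(text):
    """Keep only the section lines; headers and the process list are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in found if m]


def executable_of(command):
    """Best-effort split of an autorun command line into its program part."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(entries):
    """Map entries to reasons a reviewer should look at them first."""
    findings = {}
    for e in entries:
        reasons = []
        if e.section == "O4" and (m := O4_REG_RE.match(e.body)):
            if "\\" not in executable_of(m.group(4)):
                reasons.append("autorun has no directory; resolved via the search path")
        if e.section == "O23" and (m := O23_RE.match(e.body)):
            if m.group(2).casefold() == "unknown owner":
                reasons.append("no company name reported for the service binary")
            if e.body.rstrip().endswith("(file missing)"):
                reasons.append("service points at a file that is not on disk")
        if reasons:
            findings[e] = reasons
    return findings


def diff_scans(before, after):
    """Entries that disappeared and entries that are new between two scans."""
    b = {e.key: e for e in parse_log(before)}
    a = {e.key: e for e in parse_log(after)}
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]


def still_present(fix_list, later_scan):
    """Entries that were fixed earlier but are listed again in a later scan."""
    later = {e.key for e in parse_log(later_scan)}
    return [e for e in parse_log(fix_list) if e.key in later]


if __name__ == "__main__":
    removed, added = diff_scans(SCAN_1, SCAN_2)
    for e in removed:
        print("gone :", e.section, e.body)
    for e in added:
        print("new  :", e.section, e.body)
    for e in still_present(FIXED, SCAN_2):
        print("BACK :", e.section, e.body)
    for e, reasons in triage(parse_log(SCAN_2)).items():
        print("check:", e.body, "->", "; ".join(reasons))
```

None of the static hints fire on the [checkrun] line; it stands out only because it is still listed after being fixed, which is why the comparison against the fix list is kept separate from the triage rules.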

#5
waxvax

LOG FROM PANDA:


Incident Status Location

Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[NwDetect.exe]
Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[PasswdRenew.exe]
Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[SAMInside_Demo.exe]
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygform-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggdk-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggmodule-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggthread-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggtk-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygmenu-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygncurses++-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygpanel-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygDtPrint-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygMrm-2.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygOSMesa-4.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-6.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-7.dll

#6
waxvax

  • Topic Starter
  • Member
  • 10 posts
LOG FROM EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:48:38, 2005-06-28
+ Report-Checksum: 1D2FC172

+ Date of database: 2005-06-28
+ Version of scan engine: v3.0

+ Duration: 42 min
+ Scanned Files: 173994
+ Speed: 67.87 Files/Second
+ Infected files: 74
+ Removed files: 74
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\twolek\Cookies\twolek@3com[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@ad.ir[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@ads.tripod.lycos.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@buy.rpts[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@counter.rambler[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@deliver.ads.uigc[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@emea.3com[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@free.aol[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@images.bonzi[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@indiads[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@orbitz.rpts[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@pl_PL_EMEA[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@realguide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@ts1.lexmark[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@www.3com[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BDAB730-054B-4EF3-90B5-2A8554\2EB1BF59-AAE2-4262-AE8A-49ACFF -> Backdoor.Vnc -> Cleaned without backup
C:\WINDOWS\system32\consys98.exe -> Spyware.Small.an -> Cleaned without backup
C:\WINDOWS\system32\secupd1203.exe -> TrojanDownloader.Esepor.e -> Cleaned without backup


::Report End

#7
waxvax

  • Topic Starter
  • Member
  • 10 posts
HJT

Logfile of HijackThis v1.99.1
Scan saved at 10:47:40, on 2005-06-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
  • 0

#8
Guest_thatman_*

Hi waxvax

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ?a;cza
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe

Click on Fix Checked when finished and exit HijackThis.


Download Pocket Killbox and unzip it; save it to your Desktop.
Run Killbox and click the radio button that says Delete a file on reboot. Paste the files one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
c:\windows\system32\elitezxn32.exe
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:


Possible Virus. As you can see, the following may not be viruses or malware. You downloaded the files, so it is for you to keep or delete them. You must know if they are safe.

C:\Downloads\software\UBCD4WinV241Full.exe[NwDetect.exe]
C:\Downloads\software\UBCD4WinV241Full.exe[PasswdRenew.exe]
C:\Downloads\software\UBCD4WinV241Full.exe[SAMInside_Demo.exe]
C:\Program Files\cygwin\bin\cygform-8.dll
C:\Program Files\cygwin\bin\cyggdk-1-2-0.dll
C:\Program Files\cygwin\bin\cyggmodule-1-2-0.dll
C:\Program Files\cygwin\bin\cyggthread-1-2-0.dll
C:\Program Files\cygwin\bin\cyggtk-1-2-0.dll
C:\Program Files\cygwin\bin\cygmenu-8.dll
C:\Program Files\cygwin\bin\cygncurses++-8.dll
C:\Program Files\cygwin\bin\cygpanel-8.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygDtPrint-1.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygMrm-2.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygOSMesa-4.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-6.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-7.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-8.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXcomposite-1.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXcursor-1.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXdamage-1.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXext-6.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXfixes-3.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXm-2.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXp-6.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygXrender-1.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygxrx-6.dll
C:\Program Files\cygwin\usr\X11R6\bin\cygxrxnest-6.dll
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\apr-util\libaprutil0\libaprutil0-0.9.6-1.tar.bz2[libaprutil0-0.9.6-1.tar][cygaprutil-0-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gettext\libgettextpo0\libgettextpo0-0.14.1-1.tar.bz2[libgettextpo0-0.14.1-1.tar][cyggettextpo-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gettext\libgettextpo0\libgettextpo0-0.14.1-1.tar.bz2[libgettextpo0-0.14.1-1.tar][cyggettextsrc-0-14-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\glib\glib-1.2.10-2.tar.bz2[glib-1.2.10-2.tar][cyggmodule-1-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\glib\glib-1.2.10-2.tar.bz2[glib-1.2.10-2.tar][cyggthread-1-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\GConf2\GConf2-2.8.1-1.tar.bz2[GConf2-2.8.1-1.tar][cyggconf-2-4.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\GConf2\GConf2-2.8.1-1.tar.bz2[GConf2-2.8.1-1.tar][cyggconfbackend-oldxml.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cyggnomevfs-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygmoniker_gnome_vfs_std.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygvfolder-desktop.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygvfs-test.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo2-2.8.0-1.tar.bz2[libbonobo2-2.8.0-1.tar][cygmoniker_std_2.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo2-2.8.0-1.tar.bz2[libbonobo2-2.8.0-1.tar][Bonobo_module.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo20\libbonobo20-2.8.0-1.tar.bz2[libbonobo20-2.8.0-1.tar][cygbonobo-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo20\libbonobo20-2.8.0-1.tar.bz2[libbonobo20-2.8.0-1.tar][cygbonobo-activation-4.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonoboui2\libbonoboui2-2.8.0-1.tar.bz2[libbonoboui2-2.8.0-1.tar][cygbonoboui-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnome2\libgnome2-2.8.0-1.tar.bz2[libgnome2-2.8.0-1.tar][cyggnome-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnome2\libgnome2-2.8.0-1.tar.bz2[libgnome2-2.8.0-1.tar][cygmoniker_extra_2.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomecanvas2\libgnomecanvas2-2.8.0-1.tar.bz2[libgnomecanvas2-2.8.0-1.tar][cyggnomecanvas-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeprint22\libgnomeprint22-2.8.0.1-1.tar.bz2[libgnomeprint22-2.8.0.1-1.tar][cyggnomeprint-2-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeprintui22\libgnomeprintui22-2.8.0-1.tar.bz2[libgnomeprintui22-2.8.0-1.tar][cyggnomeprintui-2-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeui2\libgnomeui2-2.8.0-1.tar.bz2[libgnomeui2-2.8.0-1.tar][cyggnomeui-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeui2\libgnomeui2-2.8.0-1.tar.bz2[libgnomeui2-2.8.0-1.tar][cyggnome-vfs.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libwnck\libwnck-2.8.1-1.tar.bz2[libwnck-2.8.1-1.tar][cygwnck-1-4.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk+\gtk+-1.2.10-2.tar.bz2[gtk+-1.2.10-2.tar][cyggdk-1-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk+\gtk+-1.2.10-2.tar.bz2[gtk+-1.2.10-2.tar][cyggtk-1-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk2-x11\gtk2-x11-runtime\gtk2-x11-runtime-2.4.14-1.tar.bz2[gtk2-x11-runtime-2.4.14-1.tar][cyggtk-x11-2.0-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguilereadline-v-12-12.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguile-srfi-srfi-13-14-v-1-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguile-srfi-srfi-4-v-1-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile16\libguile16-1.7.1.20041006-1.tar.bz2[libguile16-1.7.1.20041006-1.tar][cygguilereadline-v-16-16.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile16\libguile16-1.7.1.20041006-1.tar.bz2[libguile16-1.7.1.20041006-1.tar][cygguile-srfi-srfi-4-v-2-2.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libcroco\libcroco06\libcroco06-0.6.0-1.tar.bz2[libcroco06-0.6.0-1.tar][cygcroco-0.6-3.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libwmf\libwmf-0.2.8.3-1.tar.bz2[libwmf-0.2.8.3-1.tar][cygwmf-0-2-7.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxml2\libxml2-python\libxml2-python-2.6.16-2.tar.bz2[libxml2-python-2.6.16-2.tar][libxml2mod.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][cygexslt-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][cygxslt-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][libxsltmod.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][cyglightcomp.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_redirect.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_rewrite.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_ssi.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\naim\naim-0.11.7.2-1.tar.bz2[naim-0.11.7.2-1.tar][cygnaim_core-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygform-8.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygmenu-8.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygncurses++-8.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygpanel-8.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\neon\libneon24\libneon24-0.24.7-1.tar.bz2[libneon24-0.24.7-1.tar][cygneon-24.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openjade\openjade-1.3.3-1.tar.bz2[openjade-1.3.3-1.tar][cygospgrove-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openjade\openjade-1.3.3-1.tar.bz2[openjade-1.3.3-1.tar][cygostyle-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openldap\libopenldap2_2_7\libopenldap2_2_7-2.2.17-2.tar.bz2[libopenldap2_2_7-2.2.17-2.tar][cygldap-2-2-7.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openldap\libopenldap2_2_7\libopenldap2_2_7-2.2.17-2.tar.bz2[libopenldap2_2_7-2.2.17-2.tar][cygldap_r-2-2-7.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-2.12.0-1.tar.bz2[ORBit2-2.12.0-1.tar][cygORBit-imodule-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-2.12.0-1.tar.bz2[ORBit2-2.12.0-1.tar][cygORBitCosNaming-2-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-devel\ORBit2-devel-2.12.0-1.tar.bz2[ORBit2-devel-2.12.0-1.tar][Everything_module.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][gdbm.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][readline.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][_curses.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][bigdecimal.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][curses.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][dbm.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][md5.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][rmd160.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sha1.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sha2.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][digest.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][dl.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][enumerator.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][etc.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][gdbm.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][iconv.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][openssl.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][pty.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][cparse.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][readline.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sdbm.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][socket.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][stringio.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][strscan.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][syck.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][syslog.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][tcltklib.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][tkutil.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][Win32API.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][win32ole.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][zlib.so]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\subversion\subversion-1.1.2-1.tar.bz2[subversion-1.1.2-1.tar][cygsvn_subr-1-0.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\t1lib\t1lib-x11\t1lib-x11-5.0.2-1.tar.bz2[t1lib-x11-5.0.2-1.tar][cygt1x-5.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygDtPrint-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygMrm-2.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygXm-2.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygOSMesa-4.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-6.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-7.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-8.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXcomposite-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXcursor-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXdamage-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXext-6.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXfixes-3.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXp-6.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXrender-1.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygxrx-6.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygxrxnest-6.dll]
C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\zsh\zsh-4.2.4-1.tar.bz2[zsh-4.2.4-1.tar][zle.dll]
  • 0

#9
waxvax


Run Killbox and click the radio button that says Delete a file on reboot. Paste the files one at a time into the full path of file to delete box and click the red circle with a white cross in it.


i've already done it before posting logs from Panda+Ewido+HJT...

Possible Virus. As you can see, the following may not be viruses or malware. You downloaded the files, so it is for you to keep or delete them. You must know if they are safe.

Cygwin is definitely not a virus. that must be some error in Panda virus signatures.
I'm rather sure about that.
but still something keeps adding
c:\windows\system32\elitezxn32.exe to checkrun...
  • 0
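The symptom reported in the post above (a fixed O4 entry that keeps coming back) can be checked mechanically by comparing the items that were fixed against a later HijackThis log. The following is an added example, not part of the thread and not code from HijackThis; the function names are hypothetical, and the later log is constructed from O4 lines that appear in this thread. It also goes one step beyond the case in the thread by reporting the same target re-registered under a different value name.

```python
import re

# Registry autoruns:  O4 - <key>: [<value name>] <command>
REG_RE = re.compile(r'^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup folders:    O4 - Startup: <shortcut> = <target>
LNK_RE = re.compile(r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'^(.+?\.(?:exe|dll|cpl|com|bat|scr|vbs))(?=\s|$)', re.I)


def target_path(cmd):
    """Return the executable part of an autostart command, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split(' ', 1)[0]
    return path.lower()


def parse_o4(log_text):
    """Map (location, entry name) -> target path for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            key = (m.group('loc').lower(), m.group('name').lower())
            entries[key] = target_path(m.group('cmd'))
    return entries


def check_fix(fixed_lines, later_log):
    """Report fixed O4 entries that are present again in a later log.

    kind 'returned': same key and value name are back.
    kind 'renamed' : same target file, registered under another name or key.
    """
    fixed = parse_o4('\n'.join(fixed_lines))
    later = parse_o4(later_log)
    findings = []
    for key, path in fixed.items():
        if key in later:
            findings.append({'kind': 'returned', 'location': key[0],
                             'name': key[1], 'target': later[key],
                             'same_target': later[key] == path})
        for other_key, other_path in later.items():
            if other_path == path and other_key != key:
                findings.append({'kind': 'renamed', 'location': other_key[0],
                                 'name': other_key[1], 'target': other_path,
                                 'same_target': True})
    return findings


# The O4 item from the thread that was selected for "Fix Checked".
FIXED = [r'O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe']

# Constructed later log: O4 lines taken from this thread, with the fixed
# entry present again (path case differs, as Windows paths are case-insensitive).
LATER_LOG = r'''
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\system32\elitezxn32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
'''

if __name__ == '__main__':
    for f in check_fix(FIXED, LATER_LOG):
        print('{kind}: {location} [{name}] -> {target}'.format(**f))
```

A 'returned' finding after a delete-on-reboot means something else on the system is rewriting the value, so the component that writes it still has to be found.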

#10
Guest_thatman_*

Hi waxvax

It has to be a hidden file on the system; let's try this first.

Download Silent Runners.vbs and post the log it creates, please.
http://www.silentrunners.org/
Your antivirus script protection might interfere; please allow it to run. After a bit, a box will say done.
Wait until there is a finished message! Then open and post the log next to it.


Kc :tazz:
  • 0


#11
waxvax

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Spy Watcher" = ""C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S" ["Topdownloads Networks"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"The Bat!" = "C:\Program Files\The Bat!\thebat.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PaperPort PTD" = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."]
"IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"FineReader7NewsReaderPro" = ""C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"" ["ABBYY (BIT Software)"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"HydraVisionDesktopManager" = "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" ["ATI Technologies Inc."]
"LinuxTSC_startup" = "C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard" [null data]
"JobHisInit" = "C:\Program Files\RMClient\JobHisInit.exe" [empty string]
"MplSetUp" = "C:\Program Files\RMClient\MplSetUp.exe" ["RICOH CO.,LTD."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"MicrosoftAntiSpywareCleaner" = "C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\1045\UNBIND.DLL" [MS]
"{692E33B0-AF9D-11D0-B976-00A0C9190447}" = "Remote Storage Properties"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\rsshell.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" ["Symantec Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Corel\shared\versions\cversion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Corel\shared\versions\cversion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "twolek" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\twolek\Menu Start\Programy\Autostart
"SpamPal" -> shortcut to: "C:\Program Files\SpamPal\spampal.exe" ["www.spampal.org"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"]
"CoreCenter" -> shortcut to: "C:\Program Files\MSI\Core Center\CoreCenter.exe" [empty string]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Microtek Scanner Finder" -> shortcut to: "C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe" [empty string]
"SmartDeviceMonitor for Client" -> shortcut to: "C:\Program Files\RMClient\PMClient.exe" ["RICOH COMPANY,LTD."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Intel Alert Handler, Intel Alert Handler, "C:\WINDOWS\system32\ams_ii\hndlrsvc.exe" ["Intel® Corporation"]
Intel Alert Originator, Intel Alert Originator, "C:\WINDOWS\system32\ams_ii\iao.exe" ["Intel® Corporation"]
Intel File Transfer, Intel File Transfer, "C:\WINDOWS\system32\cba\xfr.exe" ["Intel® Corporation"]
Intel PDS, Intel PDS, "C:\WINDOWS\system32\cba\pds.exe" ["Intel® Corporation"]
IS Service, ISSVC, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"" ["Symantec Corporation"]
SAVRoam, SavRoam, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"" ["symantec"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec SecurePort, SymSecurePort, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec System Center Discovery Service, NSCTOP, "C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 186 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 43 seconds.
---------- (total run time: 319 seconds)
  • 0

#12
Guest_thatman_*

  • Guest
Hi waxvax

We need to dig a bit deeper.

Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
1. Reboot into safe mode
2. Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait until it's finished.
* When it is finally finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
3. Reboot back to Normal Mode.
4. Post the log

Kc :tazz:
  • 0

#13
Guest_thatman_*

  • Guest
Hi waxvax

Also run this too, please.

http://www.jayloden.com/aimfix.htm

Kc :tazz:
  • 0

#14
waxvax

  • Topic Starter
  • Member
  • 10 posts
AimFix run, nothing reported

log from RKfiles

C:\Antispyware

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\D2VSource.ax: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\D2VSource.ax: UPX!
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\IFinst27.exe: UPX!
Finished
bye
  • 0

#15
Guest_thatman_*

  • Guest
Hi waxvax

To scan individual files for malware analysis, you can use Jotti here: http://virusscan.jotti.org/
Please check the following files

C:\WINDOWS\system32\D2VSource.ax
C:\WINDOWS\IFinst27.exe
Paste and copy the report here:

Post the reports back to this topic
Thanks

Kc :tazz:
  • 0
