Need help removing UDXFYTW.SYS [Solved]



#16
elvisxb
    Member
  • Topic Starter
  • 29 posts
ComboFix 08-12-02.02 - User 2008-12-05 23:33:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\User\zguicfgw.dat
c:\windows\system32\drivers\driversrv84.exe
c:\windows\system32\modnarlortnoc.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\zguicfgw.dat
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\windows\system32\drivers\driversrv84.exe
c:\windows\system32\modnarlortnoc.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 17:21 . 2008-12-05 17:21 <DIR> d-------- C:\_OTMoveIt
2008-12-03 18:39 . 2008-12-03 18:40 <DIR> d-------- c:\windows\ERUNT
2008-12-03 18:37 . 2008-12-03 18:37 <DIR> d-------- c:\documents and settings\Administrator.ELVIS-COMP-
2008-12-03 18:20 . 2008-12-03 20:53 <DIR> d-------- C:\SDFix
2008-12-02 19:47 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-02 19:44 . 2008-12-02 19:44 <DIR> d-------- c:\program files\ERUNT
2008-12-02 19:19 . 2008-12-04 20:16 <DIR> d-------- C:\rsit
2008-12-02 19:19 . 2008-12-02 19:27 <DIR> d-------- c:\program files\trend micro
2008-12-01 20:24 . 2008-12-01 20:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 20:24 . 2008-12-01 20:24 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2008-12-01 20:24 . 2008-12-01 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 20:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 20:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 13:02 . 2008-11-25 13:02 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-24 14:32 . 2008-11-24 14:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-22 19:15 . 2008-11-22 20:54 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-22 18:49 . 2008-11-22 18:49 <DIR> d-------- c:\program files\IObit
2008-11-22 18:43 . 2008-11-22 18:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 18:31 . 2008-11-22 18:31 62 ---hs---- c:\windows\system32\@#$#.htm
2008-11-19 18:54 . 2008-11-19 18:54 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-19 00:09 . 2008-11-19 00:09 <DIR> d-------- c:\documents and settings\User\Application Data\Ubisoft
2008-11-19 00:09 . 2008-11-19 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-11-17 22:28 . 2008-12-01 19:42 7,875 --a------ C:\xp_emergencyutil.zip
2008-11-15 21:46 . 2008-11-15 21:46 <DIR> d-------- c:\program files\Ventrilo
2008-11-15 21:46 . 2008-11-15 21:46 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-15 21:45 . 2008-11-22 18:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 13:17 . 2008-11-14 13:18 <DIR> d-------- c:\program files\iTunes
2008-11-14 13:17 . 2008-11-14 13:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-08 00:26 . 2008-11-08 00:26 <DIR> d-------- c:\program files\Guild Wars
2008-11-06 22:16 . 2008-11-20 16:38 <DIR> d-------- c:\windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:17 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-03 00:05 --------- d-----w c:\program files\Warcraft III
2008-12-02 02:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 04:26 --------- d-----w c:\documents and settings\User\Application Data\uTorrent
2008-11-22 23:43 --------- d-----w c:\program files\Lavasoft
2008-11-22 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 23:54 --------- d-----w c:\program files\Java
2008-11-19 19:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 02:46 --------- d-----w c:\documents and settings\User\Application Data\Ventrilo
2008-11-15 21:22 --------- d-----w c:\program files\World of Warcraft
2008-11-14 18:17 --------- d-----w c:\program files\iPod
2008-11-14 17:51 --------- d-----w c:\program files\Safari
2008-11-13 00:20 --------- d-----w c:\documents and settings\User\Application Data\Move Networks
2008-11-04 06:06 --------- d-----w c:\program files\StepMania
2008-10-29 02:47 --------- d-----w c:\program files\LimeWirepr
2008-10-25 10:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-18 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-17 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 23:00 --------- d-----w c:\program files\Common Files\Adobe
2008-10-11 22:33 --------- d--h--w c:\documents and settings\User\Application Data\ijjigame
2008-10-11 21:54 --------- d-----w c:\program files\Diablo II
2008-10-11 19:31 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-11 19:31 --------- d-----w c:\documents and settings\User\Application Data\DAEMON Tools
2007-11-16 22:57 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-07-31 16:34 139 ---ha-w c:\program files\Desktop.ini
2005-03-11 01:51 32 -c--a-r c:\documents and settings\All Users\hash.dat
2004-10-13 16:24 1,694,208 --sha-w c:\windows\FlyakiteOSX\Backup\msmsgs.exe
2005-02-19 22:32 56 --sha-r c:\windows\system32\88105EFAED.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-05_17.32.19.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 23:14:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-05 22:23:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-04 23:14:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-05 22:23:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-05 22:23:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-22 23:20:37 1,552,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-06 04:39:21 1,552,152 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-05 22:23:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2008-12-06 04:39:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1d4.dat
+ 2008-12-06 04:39:31 16,384 ----atw c:\windows\temp\Perflib_Perfdata_298.dat
+ 2008-12-06 04:39:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"AIM"="c:\program files\AIM\aim.exe" [2003-08-01 61440]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2004-10-25 1118208]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-23 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2003-06-19 116224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 94208]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-19 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.8.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Account Setup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
--a--c--- 2004-01-12 14:29 102400 c:\progra~1\AIM\AIMWDI~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 02:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2003-06-19 01:38 116224 c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2001-08-23 07:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 00:31 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-08-11 14:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-08-11 14:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1686016 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2002-08-28 20:39 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra--c--- 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra--c--- 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 21:46 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 18:25 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 21:46 94208 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2002-08-28 20:39 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2002-08-28 20:39 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2002-06-26 16:36 90112 c:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a--c--- 2004-10-25 14:36 1118208 c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-04 15:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2005-03-04 11:01 88209 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 21:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"NVSvc"=2 (0x2)
"Netlogon"=3 (0x3)
"navapsvc"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"LmHosts"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache"=2 (0x2)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"Pctspk"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npkcsvc"=2 (0x2)
"MDM"=2 (0x2)
"mabidwe"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWirepr\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16785:TCP"= 16785:TCP:BitComet 16785 TCP
"16785:UDP"= 16785:UDP:BitComet 16785 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)

R1 NPPTNT;NPPTNT;\??\c:\windows\System32\npptNT.sys [2004-03-23 4608]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2007-04-25 19020]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2007-04-25 162900]
S3 VGAUTI;VGAUTI;\??\c:\windows\system32\DRIVERS\VGAUTI.sys [2005-06-19 37880]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-13 c:\windows\Tasks\CAAntiSpywareScan_Daily as User at 7 16 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe []

2008-11-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-24 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-24 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 23:39:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Transparent Windows\Transparent.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
.
**************************************************************************
.
Completion time: 2008-12-05 23:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 04:45:52
ComboFix2.txt 2008-12-05 22:34:06

Pre-Run: 28,306,022,400 bytes free
Post-Run: 28,224,761,856 bytes free

342 --- E O F --- 2008-08-28 06:08:32

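In the ComboFix log above, each driver/service record and each scheduled-task target ends in a bracketed date and size taken from the image file on disk; an empty pair, as for XDva202.sys and two of the scheduled tasks, is the detail a triager looks at first. The block below is an added example, not ComboFix's code or anything posted in the thread: a Python parser for those two record formats that extracts the registered path and flags entries whose image was not found. It assumes ComboFix's conventions that the leading R/S marks running/stopped, the digit is the service start type, and empty brackets mean the file was absent at scan time; the sample lines are constructed to resemble the log.

```python
import re

# Constructed sample in the two ComboFix record formats parsed below, modelled on
# the log above (names and paths are illustrative, not a real machine's state).
SAMPLE = r"""
R1 NPPTNT;NPPTNT;\??\c:\windows\System32\npptNT.sys [2004-03-23 4608]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2007-04-25 19020]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys []
2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2007-11-24 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
"""

# Driver/service line: "<R|S><start> <name>;<display name>;<image path> [<date> <size>]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)
# Scheduled-task target line: "- <image path> [<date> <time>]"
TASK_RE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
NT_PREFIX = "\\??\\"  # NT object-manager form of a DOS path, as some drivers register it


def parse_combofix(text):
    """Return one dict per driver/service or task record found in `text`.

    `present` is False when the bracketed date/size is empty. ComboFix fills the
    brackets from the file on disk, so an empty pair is taken here to mean the
    file could not be found at scan time (assumed convention, not stated on the page).
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            path = m.group("path")
            if path.startswith(NT_PREFIX):
                path = path[len(NT_PREFIX):]  # normalise \??\c:\... to c:\...
            records.append({
                "kind": "driver",
                "name": m.group("name"),
                "state": "running" if m.group("state") == "R" else "stopped",
                "start": int(m.group("start")),
                "path": path,
                "present": bool(m.group("stamp")),
            })
            continue
        m = TASK_RE.match(line)
        if m:
            records.append({
                "kind": "task",
                "name": m.group("path").rsplit("\\", 1)[-1],
                "state": None,
                "start": None,
                "path": m.group("path"),
                "present": bool(m.group("stamp")),
            })
    return records


def missing_images(text):
    """Paths of registered drivers/services/tasks whose image file was not found."""
    return [r["path"] for r in parse_combofix(text) if not r["present"]]


if __name__ == "__main__":
    for r in parse_combofix(SAMPLE):
        flag = "" if r["present"] else "   <-- image file not found"
        print(f'{r["kind"]:6} {r["name"]:24} {r["path"]}{flag}')
```

A registered driver or task whose image is gone is usually leftover from a removal (as with the orphans ComboFix itself reports), but the registry entry still deserves cleanup, and a service whose binary is missing only intermittently can also indicate a file that is being recreated and deleted.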
#17
elvisxb
    Member
  • Topic Starter
  • 29 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:10 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wscntfy.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Transparent Windows.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Windows\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Windows\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble...NMStarter16.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} (IMBCControl Control) - http://touch.imbc.co...lineService.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.co...game/msxml4.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale....WebLauncher.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongem...NetLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} (PcubeSet Class) - http://cyimg7.cyworl...ge/cyinstal.cab
O16 - DPF: {F707D836-1E2B-4ADD-94BB-24E6CAF11A1A} (IMBCCaptionDumy Control) - http://caption.imbc....IMBCCaption.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Data Files Manager Service (msclcosd) - Unknown owner - C:\Windows\system32\msclco.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10744 bytes
  • 0

#18
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good.. Let's do this....


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me, how is your computer now?
  • 0

#19
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 2

12/7/2008 10:41:10 AM
mbam-log-2008-12-07 (10-41-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167055
Time elapsed: 2 hour(s), 33 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#20
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
The ESET online scanner isn't working. My computer is running perfectly fine now. Thank you for all your help and time. :)
  • 0

#21
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good.. Do this before you sleep or when you don't use the computer.. It will take a while.


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

Then, please download and install the latest Java from HERE




Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.


  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Post me Kaspersky Online result and tell me, how is your computer now? :)
  • 0

#22
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 17:02:03
Records in database: 1447645
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 113719
Threat name: 18
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 05:57:59


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\453D4EBD.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ab 1
C:\Documents and Settings\User\Desktop\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asu 1
C:\Documents and Settings\User\Desktop\Programs\FlyakiteOSX v3.5(2).exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\Documents and Settings\User\Incomplete\T-5745425-Sax Brothers - Careless Whispers remix (141 Bpm House Trance).mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\DivX\Movies\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bfxgiq.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cunnxo.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\duaugjta.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eud 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gadjulij.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gmjfbn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gmxaxhgw.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\idomunpj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovqmvx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qrhushat.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rjswqrsx.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\udxfytw.sys.vir Infected: Trojan.Win32.Agent.asao 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\uqshoy.dll.vir Infected: Trojan.Win32.Monderd.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvemyz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eud 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xndsaurb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yyquvg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etm 1
C:\SDFix\backups\HOSTS Infected: Trojan.Win32.Qhost.kh 1
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\WINDOWS\system32\hx1.bat Infected: Trojan.BAT.KillAV.ec 1
C:\WINDOWS\system32\tmpxr_159239427104.bk Infected: Trojan.Win32.Agent.astn 1
C:\WINDOWS\system32\tmpxr_344292364345.bk Infected: Trojan.Win32.Agent.asgs 1
C:\WINDOWS\system32\tmpxr_513615853282.bk Infected: Trojan.Win32.Agent.asgt 1

The selected area was scanned.
  • 0

#23
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders


Find and delete these files manually..

C:\Documents and Settings\User\Incomplete\T-5745425-Sax Brothers - Careless Whispers remix (141 Bpm House Trance).mp3
C:\Program Files\DivX\Movies\07 Track 7.wma
C:\WINDOWS\system32\hx1.bat
C:\WINDOWS\system32\tmpxr_159239427104.bk




Just tell me whether you succeeded in deleting all the files, and also tell me, how is the computer now?
  • 0
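The Kaspersky report in #22 and the short delete list in #23 illustrate the triage step a helper performs by hand: most of the 28 hits are copies already sitting in ComboFix's Qoobox quarantine, SDFix's backups or Norton's quarantine folder (note the `.vir` extension ComboFix adds), and only a handful are still live on disk. The script below is an added example, not part of this thread and not a Kaspersky tool, that parses the `File name / Threat name / Threats count` lines and sorts them into quarantined, riskware (`not-a-virus:` detections) and live findings. The quarantine marker list is an assumption built from the folders visible in the report above; the sample report is a constructed subset of the lines posted in #22.

```python
"""Triage helper for Kaspersky Online Scanner 7 report lines (added example).

Splits each 'File name / Threat name / Threats count' line into its parts and
sorts the hits into three buckets: copies already neutralised inside a
quarantine or backup folder, 'not-a-virus:' riskware findings, and files that
are still live on disk. The live bucket is a starting point for a human
reviewer, not a deletion list: in the thread, the helper left OTMoveIt3.exe
(a legitimate removal tool) and two of the tmpxr_*.bk files off the list.
"""
import re
from collections import Counter

# Hypothetical marker list, assembled from the quarantine/backup folders that
# appear in the report above. Extend it for other tools' quarantine locations.
QUARANTINE_MARKERS = (
    r"\qoobox\quarantine",           # ComboFix quarantine (files renamed *.vir)
    r"\sdfix\backups",               # SDFix backups
    r"\norton antivirus\quarantine", # Symantec quarantine
)

# One report line: <path> Infected: <threat name> <count>
# The path may contain spaces and parentheses, so it is matched lazily.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Constructed sample: a subset of the lines from the #22 report, plus the
# header and footer lines that the parser must ignore.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\453D4EBD.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ab 1
C:\Documents and Settings\User\Desktop\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asu 1
C:\Documents and Settings\User\Desktop\Programs\FlyakiteOSX v3.5(2).exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\Documents and Settings\User\Incomplete\T-5745425-Sax Brothers - Careless Whispers remix (141 Bpm House Trance).mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\DivX\Movies\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\udxfytw.sys.vir Infected: Trojan.Win32.Agent.asao 1
C:\SDFix\backups\HOSTS Infected: Trojan.Win32.Qhost.kh 1
C:\WINDOWS\system32\hx1.bat Infected: Trojan.BAT.KillAV.ec 1
C:\WINDOWS\system32\tmpxr_159239427104.bk Infected: Trojan.Win32.Agent.astn 1

The selected area was scanned."""


def parse_line(line):
    """Return (path, threat, count) for one finding line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("threat"), int(m.group("count"))


def is_quarantined(path):
    """True when the path sits inside a known quarantine or backup folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def triage(report_text):
    """Bucket every finding in the report; also count hits per threat name."""
    result = {"quarantined": [], "riskware": [], "live": [], "unparsed": []}
    by_threat = Counter()
    for raw in report_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            # Only flag lines that look like findings but did not parse;
            # header/footer lines are expected and silently skipped.
            if "Infected:" in raw:
                result["unparsed"].append(raw)
            continue
        path, threat, count = parsed
        by_threat[threat] += count
        if is_quarantined(path):
            result["quarantined"].append((path, threat))
        elif threat.startswith("not-a-virus:"):
            result["riskware"].append((path, threat))
        else:
            result["live"].append((path, threat))
    result["by_threat"] = by_threat
    return result


def summarize(result):
    """Human-readable summary of a triage() result."""
    lines = []
    for bucket in ("live", "riskware", "quarantined"):
        lines.append(f"{bucket} ({len(result[bucket])}):")
        lines.extend(f"  {threat:45} {path}" for path, threat in result[bucket])
    if result["unparsed"]:
        lines.append(f"unparsed ({len(result['unparsed'])}): check these by hand")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

Running it on the sample prints the five live files first, so a reviewer can compare them with the four the helper actually asked to be deleted; the quarantine bucket is the part that is safe to set aside, since those copies are already inert and will be cleared when the cleanup tools are uninstalled.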

#24
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I was able to remove all the files. My computer is running perfectly, except when I boot up, Internet Explorer opens up with a blank page.
  • 0

#25
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
So, can you reach the internet?.. And can you set the homepage to, let's say, Google.com manually? :)
  • 0

#26
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes, I could reach the internet and set the home page.
  • 0

#27
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Well, how is your computer now?.. Any more problems? :)
  • 0

#28
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OMG... all of the udxfytw.sys and stuff came back, I haven't downloaded anything either...
  • 0

#29
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Nvm, I was able to remove it myself with Malwarebytes. Thanks for all your help! :)
  • 0

#30
elvisxb

elvisxb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
... It came back after I restarted my comp -_-
  • 0
