marleyboy
new user
Hey, I am having the same problem as that other guy and I already ran ComboFix, but after a while the taskbar and desktop disappear and I have to keep running ComboFix to solve the problem. Here's the log file I got after running ComboFix. I hope you can help me out, it would be greatly appreciated.
ComboFix 08-05-29.1 - romel 2008-06-01 14:32:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1223 [GMT -4:00]
Running from: C:\Documents and Settings\romel\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\CMSYFfii.ini
C:\WINDOWS\system32\CMSYFfii.ini2
C:\WINDOWS\system32\iifFYSMC.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-06-01 11:24 . 2001-08-23 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-01 11:23 . 2001-08-23 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-06-01 11:21 . 2008-06-01 11:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-01 11:21 . 2008-06-01 11:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-01 11:21 . 2008-06-01 11:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-01 11:21 . 2008-06-01 11:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-01 11:21 . 2008-06-01 11:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-01 11:21 . 2008-06-01 11:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-01 11:13 . 2008-06-01 11:27 <DIR> d-------- C:\WINDOWS\NV8801288.TMP
2008-06-01 11:09 . 2001-08-23 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-06-01 11:09 . 2001-08-23 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-06-01 11:09 . 2001-08-23 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-06-01 11:09 . 2001-08-23 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-06-01 11:09 . 2008-06-01 12:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-01 01:33 . 2008-06-01 01:33 <DIR> d-------- C:\Documents and Settings\romel\Application Data\Grisoft
2008-06-01 01:33 . 2008-06-01 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-01 01:33 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-01 01:31 . 2008-06-01 01:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-31 22:18 . 2008-05-31 22:18 58,368 --a------ C:\WINDOWS\system32\tuvUOFXn.dll
2008-05-31 20:13 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2008-05-31 20:12 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2008-05-31 20:12 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2008-05-31 20:12 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-05-31 20:12 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2008-05-31 20:12 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2008-05-31 20:12 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2008-05-31 20:12 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-05-31 20:12 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-05-31 20:03 . 2008-05-31 20:03 <DIR> d-------- C:\Documents and Settings\romel\Application Data\Teleca
2008-05-31 20:03 . 2008-05-31 20:03 <DIR> d-------- C:\Documents and Settings\romel\Application Data\Sony Ericsson
2008-05-31 19:58 . 2008-05-31 19:58 <DIR> d-------- C:\Program Files\Disc2Phone
2008-05-31 19:55 . 2008-05-31 19:55 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-23 08:13 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-05-23 08:13 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-05-23 08:12 . 2008-05-23 08:12 0 --a------ C:\WINDOWS\Irremote.ini
2008-05-23 07:54 . 2008-05-23 07:54 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-23 07:50 . 2008-06-01 11:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-23 00:21 . 2008-05-23 00:21 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-21 20:29 . 2008-05-21 20:29 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-12 22:50 . 2008-05-12 22:51 533 --a------ C:\WINDOWS\cdplayer.ini
2008-05-12 11:50 . 2008-05-12 11:50 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\Program Files\ElcomSoft
2008-05-06 12:15 . 2008-05-06 12:15 <DIR> d-------- C:\NV36281276.TMP
2008-05-05 01:36 . 2008-05-05 01:36 <DIR> d-------- C:\Program Files\LimeWire
2008-05-03 17:32 . 2008-05-03 17:33 <DIR> d-------- C:\Documents and Settings\romel\Application Data\FrostWire
2008-05-03 17:31 . 2008-05-03 17:39 <DIR> d-------- C:\Program Files\FrostWire
2008-05-02 20:38 . 2008-05-02 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 18:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-01 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-01 17:08 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-06-01 17:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-01 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-01 16:48 --------- d-----w C:\Program Files\FileSubmit
2008-06-01 05:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 21:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-30 21:04 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-30 21:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 21:04 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-30 21:04 --------- d-----w C:\Program Files\Symantec
2008-05-29 20:46 --------- d-----w C:\Documents and Settings\romel\Application Data\uTorrent
2008-05-29 19:36 --------- d-----w C:\Documents and Settings\romel\Application Data\LimeWire
2008-05-17 02:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 16:57 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-05-05 19:38 --------- d-----w C:\Program Files\Azureus
2008-05-05 05:45 --------- d-----w C:\Documents and Settings\romel\Application Data\Azureus
2008-05-04 16:07 --------- d-----w C:\Program Files\Real
2008-04-29 03:41 --------- d-----w C:\Program Files\BitComet
2008-04-27 20:54 --------- d-----w C:\Program Files\JetAudio
2008-04-26 23:31 8,464 ----a-w C:\WINDOWS\system32\SpOrder.dll
2008-04-26 16:38 --------- d-----w C:\Program Files\TGTSoft
2008-04-26 14:49 --------- d-----w C:\Program Files\PowerISO
2008-04-23 19:44 --------- d-----w C:\Program Files\DivX
2008-04-23 17:06 --------- d-----w C:\Documents and Settings\romel\Application Data\vlc
2008-04-23 16:59 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 14:37 --------- d-----w C:\Program Files\Java
2008-04-23 13:24 --------- d-----w C:\Program Files\Norton 360
2008-04-23 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-16 15:53 --------- d-----w C:\Program Files\Common Files\DirectX
2008-04-15 23:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-04-15 22:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 14:37 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-12 14:33 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-12 14:33 --------- d-----w C:\Documents and Settings\romel\Application Data\DAEMON Tools
2008-04-11 23:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 22:10 653,176 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-22 23:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-02 21:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-01_14.21.38.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 17:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 18:36:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-01 18:05:58 25,214 ----a-r C:\WINDOWS\Installer\{B28B351F-1232-46EA-85EF-B8EA91641033}\ARPPRODUCTICON.exe
- 2000-08-31 11:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2004-07-26 20:16:10 1,568,768 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2004-07-26 20:16:10 476,320 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2004-07-26 20:16:10 262,144 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2004-07-26 20:16:10 471,040 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2005-02-16 18:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2004-07-09 12:43:56 364,544 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2006-07-14 20:29:44 966,656 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2006-07-14 20:29:44 966,656 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2006-07-14 20:29:44 966,656 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2006-07-14 20:29:44 966,656 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}]
2008-05-31 22:18 58368 --a------ C:\WINDOWS\system32\tuvUOFXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-10-30 16:29 1440354]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-04-16 14:55 2729584]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-22 19:42 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 06:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}"= C:\WINDOWS\system32\tuvUOFXn.dll [2008-05-31 22:18 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUOFXn]
tuvUOFXn.dll 2008-05-31 22:18 58368 C:\WINDOWS\system32\tuvUOFXn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-06-24 15:16 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-05 22:24 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8363:TCP"= 8363:TCP:BitComet 8363 TCP
"8363:UDP"= 8363:UDP:BitComet 8363 UDP

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-09-11 03:18]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-02-29 22:19]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-16 14:55]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;C:\WINDOWS\system32\drivers\nvhda32.sys [2007-07-16 11:38]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-06 12:57]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 14:38:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tuvUOFXn.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\DOCUME~1\romel\LOCALS~1\temp\ir_ext_temp_0\autorun.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 2008-06-01 14:41:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 18:41:47
ComboFix2.txt 2008-06-01 17:22:00
ComboFix3.txt 2008-06-01 16:16:06
Pre-Run: 18,811,142,144 bytes free
Post-Run: 18,823,659,520 bytes free
261 --- E O F --- 2008-04-27 21:47:54
bricat
HijackThis Helper
Welcome to the Webuser forum. 
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::

File::
C:\WINDOWS\system32\tuvUOFXn.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}]
"C:\WINDOWS\system32\tuvUOFXn.dll"=-
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUOFXn]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will start ComboFix again. (It may ask you to reboot your computer.)
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
--------------------
MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.