   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware
   Help on deleting xvyu5i4c
Topic: Help on deleting xvyu5i4c (Read 5288 times)
Jagare525
Junior Member
Help on deleting xvyu5i4c
« on: Oct 14th, 2008, 12:02am »

I found this file called xvyu5i4c on my computer a couple of days ago, and every time I delete it, it reappears when I restart my computer. I tried using safe mode to delete it, but it still reappears. I have Spy Sweeper and Search & Destroy; neither of them seems to find any problems with it. Can someone please help me? Every once in a while the thing will open tons of IE pages. I disabled IE, so I'm not sure what they are. But I'm pretty sure xvyu5i4c is the thing responsible for causing me all these issues. If anyone could help me, thank you.
siliconman01
Global Moderator
Re: Help on deleting xvyu5i4c
« Reply #1 on: Oct 14th, 2008, 12:13am »

Welcome to the forum Jagare525
 
Yes, xvyu5i4c is known malware.  Please do the following:
 
1.  Make all your files and folders visible via the procedure in the link below:
 
http://www.misec.net/forum/board/FAQ/1139610900
 
2.  Download/install Hijackthis via the link below:
 
http://www.misec.net/forum/board/FAQ/1163329424
 
3.  Download and install the Trial Version of TrojanHunter.  The download link is at the top of this forum.
 
4.  Once you get TrojanHunter installed, please manually update its rulesets to the latest version via the instructions at the link below.
 
http://www.misec.net/trojanhunter/updating/
 
5.  Reboot your computer into SAFE MODE.
 
6.  Run a FULL system scan with TrojanHunter.  Let it quarantine what it finds.
 
7.  Reboot back into Normal Mode
 
8.  Post back here the scan report from TrojanHunter.  It is located in folder Scan Reports at C:\Program Files\TrojanHunter 5.0\Scan Reports.
 
9.  Run Hijackthis and post its scan report back here too.

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Jagare525
Junior Member
Re: Help on deleting xvyu5i4c
« Reply #2 on: Oct 15th, 2008, 2:54am »

I have a problem with removing the xvyu5i4c. After the program finishes scanning for viruses, it says cleaning trojans is not available in the trial version. Is there a way for me to remove it, or do I have to buy TrojanHunter?
 
Well here's the scan log for trojanhunter:
TrojanHunter Scan Report - Saved 2008-10-15 02:48
 
Found trojan file: C:\WINDOWS\system32\XVYUhIjC(2).dll/Upx.iedmwyfq (TrojanDownloader.BHO.145)
 
 
And here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:34 AM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Cursors\lsass.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Cursors\lsass.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EB0BD6-4DDE-4384-BDEC-EA507E354AEA} : NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E657BE01-4D52-4B7A-AED1-D4F1727D76B6} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
--
End of file - 10764 bytes
 
 
Thank you for your help.  
siliconman01
Global Moderator
Re: Help on deleting xvyu5i4c
« Reply #3 on: Oct 15th, 2008, 3:08am »

Your Hijackthis log is showing some other infections as well.  Please do the following:
 
1.  Go to the link below and follow the instructions for downloading and running Combofix.exe
 
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
NOTE:  You can bypass the section concerning installing the Windows XP Recovery Console.
 
2.  Post back here the log generated by Combofix.exe
 
3.  Post a new Hijackthis log.
siliconman01
Global Moderator
Re: Help on deleting xvyu5i4c
« Reply #4 on: Oct 15th, 2008, 3:13am »

In addition to my post above:
 
Your JAVA applet is severely out-of-date.  For security reasons, you do need to keep this up-to-date.  The link below provides a neat tool for updating Java and for removing older versions of Java.  Please update Java.
 
http://www.misec.net/forum/board/FAQ/1216543051
Jagare525
Junior Member
Re: Help on deleting xvyu5i4c
« Reply #5 on: Oct 15th, 2008, 12:43pm »

Ok, I was finally able to remove the xvyu5i4c. I was having trouble with ComboFix last night; every time I ran it, after a while it kept closing. I was finally able to resolve that problem too.
 
This is the combofix log:
ComboFix 08-10-14.07 - William 2008-10-15 12:29:51.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1572 [GMT -5:00]
Running from: C:\Documents and Settings\William\Desktop\ComboFix.exe
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cuRtnM8A.exe.a_a
C:\WINDOWS\system32\xvyu5i4c.exe.a_a
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_OREANS32
-------\Service_oreans32
 
 
(((((((((((((((((((((((((   Files Created from 2008-09-15 to 2008-10-15  )))))))))))))))))))))))))))))))
.
 
2008-10-15 03:20 . 2008-10-15 03:22 <DIR> d-------- C:\Program Files\JavaRa
2008-10-15 03:06 . 2008-10-15 03:06 <DIR> d-------- C:\Program Files\CCleaner
2008-10-15 03:06 . 2008-10-15 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 03:05 . 2008-10-15 03:05 <DIR> d-------- C:\Program Files\Foxit Software
2008-10-15 02:47 . 2008-10-15 02:47 <DIR> d-------- C:\Documents and Settings\William\Application Data\TrojanHunter
2008-10-15 02:41 . 2008-10-15 02:41 <DIR> d-------- C:\Documents and Settings\Administrator.HOME\Application Data\TrojanHunter
2008-10-15 01:35 . 2007-12-11 19:57 <DIR> d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Intel
2008-10-15 01:35 . 2008-10-15 01:35 <DIR> d-------- C:\Documents and Settings\Administrator.HOME
2008-10-15 01:29 . 2008-10-15 12:10 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-10-15 01:24 . 2008-10-15 01:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 01:22 . 2008-10-15 12:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 01:22 . 2008-10-15 01:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 01:19 . 2008-10-15 01:19 <DIR> d-------- C:\WINDOWS\ShellNew
2008-10-15 01:19 . 2008-10-15 01:19 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-15 01:17 . 2008-10-15 01:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 01:17 . 2008-10-15 03:26 <DIR> d-------- C:\Program Files\Java
2008-10-15 01:17 . 2008-10-15 01:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-15 00:21 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 00:21 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 00:20 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 00:20 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 00:20 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 00:20 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 00:17 . 2008-10-15 03:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-10 03:29 . 2008-10-10 03:29 164 --a------ C:\install.dat
2008-10-10 03:06 . 2008-10-10 03:06 <DIR> d-------- C:\Program Files\Java(2)
2008-10-10 03:05 . 2008-10-15 01:17 <DIR> d-------- C:\Program Files\Common Files\Java(2)
2008-10-05 21:02 . 2008-10-05 21:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-10-05 20:54 . 2008-10-15 01:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy(2)
2008-10-05 18:11 . 2008-10-15 01:17 <DIR> d-------- C:\Program Files\Starcraft(2)
2008-10-05 18:11 . 2008-10-05 18:13 32,930 --a------ C:\WINDOWS\scunin.dat
2008-10-04 21:53 . 2008-10-15 01:17 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-09-29 00:06 . 2008-09-29 00:08 <DIR> d-------- C:\WINDOWS\ShellNew(2)
2008-09-29 00:06 . 2008-09-29 00:06 <DIR> d-------- C:\Program Files\Common Files\L&H
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 06:22 --------- d-----w C:\Program Files\Lx_cats
2008-10-15 06:19 --------- d-----w C:\Documents and Settings\William\Application Data\uTorrent
2008-10-15 06:17 --------- d-----w C:\Program Files\Winamp
2008-10-15 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 07:13 --------- d-----w C:\Documents and Settings\William\Application Data\LimeWire
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 04:57 --------- d-----w C:\Program Files\Warcraft III
2008-09-13 04:30 --------- d-----w C:\Program Files\LimeWire
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-06 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\William\Application Data\Megaupload
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\William\Application Data\EmailNotifier
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-08-28 06:11 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-27 07:03 --------- d-----w C:\Documents and Settings\William\Application Data\Nero
2008-08-27 07:01 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-27 06:59 --------- d-----w C:\Program Files\Nero
2008-08-27 06:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-24 21:19 43,320 ----a-w C:\Documents and Settings\William\Application Data\GDIPFONTCACHEV1.DAT
2008-08-20 19:16 720,896 --sha-w C:\WINDOWS\Cursors\lsass.exe
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-04 23:50 98,304 ----a-w C:\WINDOWS\DUMP5786.tmp
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-16 20:26 22,328 ----a-w C:\Documents and Settings\William\Application Data\PnkBstrK.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-06-10 12:29 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-25 7573504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-06-10 2049320]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-10-15 1056928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft blueserver
"12345:TCP"= 12345:TCP:BitComet 12345 TCP
"12345:UDP"= 12345:UDP:BitComet 12345 UDP
 
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 53032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 13225]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys [ ]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys [ ]
S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys [ ]
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys [ ]
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys [ ]
S3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys [ ]
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys [ ]
S3 XDva167;XDva167;C:\WINDOWS\system32\XDva167.sys [ ]
S3 XDva177;XDva177;C:\WINDOWS\system32\XDva177.sys [ ]
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
 
2008-10-15 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-11 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-15 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-12 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-14 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\xvyu5i4c.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-13 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
 
2008-10-10 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\cuRtnM8A.exe []
.
- - - - ORPHANS REMOVED - - - -
 
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Aim6 - (no file)
 
 
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\9mtao6tf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE www.gamefaqs.com
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
 
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 12:31:35
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-10-15 12:32:35
ComboFix-quarantined-files.txt  2008-10-15 17:32:28
 
Pre-Run: 17,092,984,832 bytes free
Post-Run: 17,102,925,824 bytes free
 
310--- E O F ---2008-10-15 08:01:11
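The run of At*.job entries in the ComboFix log above is what kept xvyu5i4c.exe coming back: each job is a scheduled task created with at.exe that relaunches the dropper at its set time, so deleting the file does nothing until the tasks go. As an added example, not part of the original thread and not ComboFix's own code, the Python below parses task records in the two-line format ComboFix prints, groups them by target, and flags targets that are relaunched by several At*.job tasks or that have a random-looking name in system32. The sample records are constructed from the log above (plus one benign job), and the allowlist and the name heuristic are assumptions for illustration.

```python
import re
from collections import defaultdict

# ComboFix lists each task as a two-line record:
#   <date> C:\WINDOWS\Tasks\<name>.job
#   - <target> [<arguments>]
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\\Tasks\\([^\\]+)\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(.+?)\s*\[(.*)\]\s*$")
AT_JOB = re.compile(r"^At\d+$", re.I)   # naming pattern at.exe gives its jobs

# Assumed allowlist for illustration only; real triage checks signatures/hashes.
KNOWN_SYSTEM32 = {"cleanmgr.exe", "defrag.exe", "rundll32.exe"}

# Constructed sample modelled on the ComboFix log above (a subset, plus one
# benign job so the allowlist has something to clear).
SAMPLE_LOG = """\
2008-10-15 C:\\WINDOWS\\Tasks\\At37.job
- C:\\WINDOWS\\system32\\xvyu5i4c.exe []

2008-10-13 C:\\WINDOWS\\Tasks\\At38.job
- C:\\WINDOWS\\system32\\xvyu5i4c.exe []

2008-10-15 C:\\WINDOWS\\Tasks\\At4.job
- C:\\WINDOWS\\system32\\cuRtnM8A.exe []

2008-10-10 C:\\WINDOWS\\Tasks\\At9.job
- C:\\WINDOWS\\system32\\cuRtnM8A.exe []

2008-10-01 C:\\WINDOWS\\Tasks\\Disk Cleanup.job
- C:\\WINDOWS\\system32\\cleanmgr.exe [/sagerun:1]
"""


def parse_tasks(text):
    """Yield (job_name, date, target, args) for each task record in the text."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        job = JOB_RE.match(lines[i])
        tgt = TARGET_RE.match(lines[i + 1]) if job and i + 1 < len(lines) else None
        if job and tgt:
            yield job.group(3), job.group(1), tgt.group(1), tgt.group(2)
            i += 2
        else:
            i += 1


def looks_random(stem):
    """Heuristic for dropper names like xvyu5i4c / cuRtnM8A: 6-12 alphanumerics
    mixing letters and digits. An assumption, not a signature."""
    return (6 <= len(stem) <= 12 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage(text):
    """Group jobs by target and report targets that look like malware persistence."""
    by_target = defaultdict(list)
    for name, date, target, args in parse_tasks(text):
        by_target[target.lower()].append((name, date, args))

    findings = []
    for target, jobs in by_target.items():
        base = target.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        reasons = []
        if "\\system32\\" in target and base not in KNOWN_SYSTEM32 and looks_random(stem):
            reasons.append("random-looking executable name in system32")
        at_jobs = [n for n, _, _ in jobs if AT_JOB.match(n)]
        if len(at_jobs) >= 2:
            reasons.append(f"{len(at_jobs)} at.exe-style jobs (At*.job) relaunch it")
        if reasons:
            findings.append({"target": target,
                             "jobs": sorted(j[0] for j in jobs),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["target"], f["jobs"], "; ".join(f["reasons"]))
```

Run against a real ComboFix log the script points at the job IDs to remove (on XP, `at <id> /delete` removes one job; ComboFix removed these itself here). The lesson for the reader is in the grouping: the file reappears because a task fires, not because the file is undeletable.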
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #6 on: Oct 15th, 2008, 12:43pm »

And here's the new, updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:50 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EB0BD6-4DDE-4384-BDEC-EA507E354AEA} : NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E657BE01-4D52-4B7A-AED1-D4F1727D76B6} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
--
End of file - 9678 bytes
 
 
P.S. After running ComboFix, my keyboard stopped working. I'm not sure what caused it. I tried resetting it, but nothing happened. I was able to type this because I hooked a keyboard up to my laptop. Do you know what happened to cause my keyboard and my touchpad to stop functioning?
siliconman01
Re: Help on deleting xvyu5i4c
« Reply #7 on: Oct 15th, 2008, 1:56pm »

I cannot tell from the logs if anything that was quarantined by ComboFix.exe affected your keyboard.  Do you have special drivers for the keyboard that you can re-install?  
 
What happens if you go into the Device Manager and uninstall the keyboard driver and then reboot and let Windows re-detect the keyboard and install the drivers?  
 
As for your Hijackthis log, it is now showing that your system is clean.  Please do the following:
 
1.  Run another Hijackthis scan.  When the scan is completed, place a checkmark in the box next to the following items.  BE SURE that these are the only items checked.  
 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"  

 
2.  Close your browser.
 
3.  Click on Fix Checked located at the lower left of the Hijackthis window.  Confirm that you want HJT to fix these items and let it fix them.
 
4.  Close Hijackthis and immediately reboot your computer.
 
After your system is rebooted,
 
1.  Delete Combofix.exe from your desktop.
 
2.  Delete the Combofix log from your system.
 
3.  Delete the Combofix quarantine folder which is a folder named Qoobox and is probably located under the root C:\.

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
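The fix list above is standard HijackThis triage: entries marked "(no file)" or "(file missing)" are orphans that nothing loads and are safe to Fix Checked, while the entries that matter are the ones that load an unexplained DLL. As an added example, not part of this thread and not HijackThis's own code, the Python below buckets HijackThis log lines into orphan, suspect and ok. Suspect covers O20 AppInit_DLLs, O21 SSODL and O22 SharedTaskScheduler entries, unnamed BHOs loading from system32, and Run entries whose value name or DLL looks generated or whose rundll32 call names a single-letter export, the pattern in the 12/16 log later in this thread. The sample lines are constructed from the logs on this page (plus one benign NVIDIA entry); the name heuristics are assumptions tuned to those names, not signatures.

```python
import re

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed heuristics, tuned to the names in this thread's 12/16 log:
#  - 8-10 letters in strict consonant-vowel alternation (fojawuka, gejanojo, feyowijore)
#  - an 8-digit hex Run value name, optionally prefixed CPM (5000843b, CPM5333b7a7)
#  - rundll32 calling a single-letter export (",b" ",s" ",a")
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4,5}$")
HEX_NAME = re.compile(r"^(?:CPM)?[0-9a-f]{8}$", re.I)
DLL_CALL = re.compile(r'([^\s"]+\.(?:dll|cpl))"?,+([^\s,"]*)', re.I)
SYS32_DLL = re.compile(r"[a-z]:\\windows\\system32\\[^\\\s,]+\.dll", re.I)
VALUE_NAME = re.compile(r"\[([^\]]+)\]")
ALWAYS_SUSPECT = {
    "O20": "AppInit_DLLs loads the DLL into every process that links user32",
    "O21": "ShellServiceObjectDelayLoad runs inside Explorer at logon",
    "O22": "SharedTaskScheduler runs inside Explorer at logon",
}

# Constructed sample in HijackThis v2 log format, drawn from the 10/15 and
# 12/16 logs in this thread plus one benign NVIDIA entry.
SAMPLE_HJT = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {2611847c-dfd3-4103-b166-5ddc5a703b3c} - C:\\WINDOWS\\system32\\sagujele.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [5000843b] rundll32.exe "C:\\WINDOWS\\system32\\fojawuka.dll",b
O4 - HKLM\\..\\Run: [feyowijore] Rundll32.exe "C:\\WINDOWS\\system32\\wohupuda.dll",s
O4 - HKLM\\..\\Run: [CPM5333b7a7] Rundll32.exe "c:\\windows\\system32\\gejanojo.dll",a
O4 - HKLM\\..\\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.2.6.26.dll/206 (file missing)
O20 - AppInit_DLLs: c:\\windows\\system32\\gejanojo.dll,C:\\WINDOWS\\system32\\lonayemu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\\windows\\system32\\gejanojo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\\windows\\system32\\gejanojo.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""


def classify(line):
    """Return (bucket, reason) for one HijackThis line: orphan, suspect or ok."""
    m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line.strip())
    if not m:
        return "ok", ""
    sec, rest = m.groups()
    if any(mk in rest for mk in ORPHAN_MARKERS):
        return "orphan", "target not on disk; safe to Fix Checked"
    if sec in ALWAYS_SUSPECT:
        return "suspect", ALWAYS_SUSPECT[sec]
    if sec == "O2" and rest.startswith("BHO: (no name)") and SYS32_DLL.search(rest):
        return "suspect", "unnamed BHO loading a DLL from system32"
    if sec == "O4":
        reasons = []
        vn = VALUE_NAME.search(rest)
        if vn and (HEX_NAME.match(vn.group(1)) or CV_NAME.match(vn.group(1).lower())):
            reasons.append(f"generated-looking Run value name [{vn.group(1)}]")
        call = DLL_CALL.search(rest)
        if call:
            path, export = call.groups()
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            if SYS32_DLL.search(path) and CV_NAME.match(stem):
                reasons.append(f"random-looking DLL {stem}.dll in system32")
            if len(export) == 1:
                reasons.append(f"rundll32 single-letter export '{export}'")
        if reasons:
            return "suspect", "; ".join(reasons)
    return "ok", ""


def triage(text):
    """Bucket every non-blank line of an HJT log into orphan / suspect / ok."""
    buckets = {"orphan": [], "suspect": [], "ok": []}
    for line in text.splitlines():
        if line.strip():
            bucket, reason = classify(line)
            buckets[bucket].append((line, reason))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_HJT).items():
        for line, reason in items:
            print(f"{bucket:7} {line[:60]}  {reason}")
```

The orphan bucket reproduces the two BHO lines siliconman01 had checked above (the SunJavaUpdateSched entry is a housekeeping removal, not an orphan, and the script leaves it alone). The suspect bucket is the one a helper reads first: an O20/O21/O22 entry or a rundll32 Run key loading a nonsense-named system32 DLL is worth a ComboFix run, whatever the scanners say.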
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #8 on: Oct 16th, 2008, 1:06am »

Thanks for all your help. Everything is working again. I fixed the keyboard; your directions were very clear and helped out a lot. I'm going to post one more HijackThis log to make sure I got everything done. And I can't help but appreciate all your hard work to help me out. Your replies were fast, and your directions were clear and very helpful.
 
Here's the latest HijackThis log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32 AM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EB0BD6-4DDE-4384-BDEC-EA507E354AEA} : NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E657BE01-4D52-4B7A-AED1-D4F1727D76B6} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
--
End of file - 9348 bytes
 
 
And once again thank you, thank you for all your help.
siliconman01
Re: Help on deleting xvyu5i4c
« Reply #9 on: Oct 16th, 2008, 2:14am »

Your HJT scan log is showing no infections.
 
I'm very glad that you got your keyboard/touchpad working again. Sometimes removing malware can and does result in adverse effects that require additional effort to fix, which you appear to have very skillfully handled.
 
If you need further assistance in the future, please do not hesitate to post again.  
 
BTW... Java 6, Update 10 was released yesterday.
 
http://www.misec.net/forum/board/SoftwareUpdates/1224133898
 
« Last Edit: Oct 16th, 2008, 2:16am by siliconman01 »
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #10 on: Dec 16th, 2008, 8:28pm »

Siliconman01, I'm sorry to say I'm in need of help again. I have no clue what happened, but lately my Firefox and IE have been opening up random pages. I tried using TrojanHunter to find the virus, but I can't find any. I also deleted all my cookies. Still no help.
 
Well, here's my HJT log; maybe this will help.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:38 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cuRtnM8A.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {2611847c-dfd3-4103-b166-5ddc5a703b3c} - C:\WINDOWS\system32\sagujele.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [5000843b] rundll32.exe "C:\WINDOWS\system32\fojawuka.dll",b
O4 - HKLM\..\Run: [feyowijore] Rundll32.exe "C:\WINDOWS\system32\wohupuda.dll",s
O4 - HKLM\..\Run: [CPM5333b7a7] Rundll32.exe "c:\windows\system32\gejanojo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Startup: SpywareBlasterer.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EB0BD6-4DDE-4384-BDEC-EA507E354AEA} : NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E657BE01-4D52-4B7A-AED1-D4F1727D76B6} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{080CA695-1D92-430A-9BBC-8D7B959F4BBD} : NameServer = 68.94.156.1,68.94.157.1
O20 - AppInit_DLLs: c:\windows\system32\gejanojo.dll,C:\WINDOWS\system32\lonayemu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gejanojo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gejanojo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
--
End of file - 11290 bytes
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #11 on: Dec 17th, 2008, 12:04am »

Also, sometimes the site kicks me out of the program when I'm in full-screen mode. Most of the time it just opens sites about spyware removers.
siliconman01
Re: Help on deleting xvyu5i4c
« Reply #12 on: Dec 17th, 2008, 12:10am »

You are significantly infected.  Please do the following:
 
1.  Make all your files and folders visible via the instructions in the link below:
 
http://www.misec.net/forum/board/FAQ/1139610900
 
2.  Please locate each of the following files and submit them to Mischel Internet Security for analysis.  The link below describes how to submit files:
 
http://www.misec.net/forum/board/FAQ/1139308293
 
Files to submit:
 
cuRtnM8A.exe
sagujele.dll
wohupuda.dll
gejanojo.dll
fojawuka.dll
lonayemu.dll

 
The above files are all in your C:\Windows\System32 folder.
 
3.  Download Combofix.exe from the link below.  Save it on your desktop.  NOTE:  If Combofix.exe is already on your computer, replace it with the latest version from the link below.
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
4.  Temporarily disable all your security programs EXCEPT your software firewall.
 
5.  Close down as many programs as you can (icons next to the clock in your task bar).
 
6.  Go to the link below and follow the instructions for running Combofix.exe.  You can bypass the part about installing the recovery console if you wish.  You may wish to print out these instructions.
 
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
7.  After you have completed running Combofix, please post back here the Combofix log.
 
8.  Run a scan with Hijackthis and post the new scan log back here.
« Last Edit: Dec 17th, 2008, 12:14am by siliconman01 »

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #13 on: Dec 17th, 2008, 12:40am »

Hey, thank you for the quick reply.
Here's part 1 of the ComboFix log.
ComboFix 08-12-16.03 - William 2008-12-17  0:30:07.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1456 [GMT -6:00]
Running from: c:\documents and settings\William\Desktop\ComboFix.exe
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\bold.log
c:\windows\system32\akuwajof.ini
c:\windows\system32\axbw2k1e.dll
c:\windows\system32\cuRtnM8A.exe
c:\windows\system32\cuRtnM8A.exe.a_a
c:\windows\Tasks\At11.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At23.job
 
.
(((((((((((((((((((((((((   Files Created from 2008-11-17 to 2008-12-17  )))))))))))))))))))))))))))))))
.
 
2008-12-15 03:49 . 2008-12-15 03:4831,744--a------c:\windows\system32\oAUjw6cS.exe
2008-12-15 03:27 . 2008-12-15 03:27<DIR>d--------c:\documents and settings\William\Application Data\Snapfish
2008-12-03 00:42 . 2008-12-03 00:42<DIR>d--------c:\program files\Java
2008-12-03 00:42 . 2008-12-03 00:4273,728--a------c:\windows\system32\javacpl.cpl
2008-11-29 21:55 . 2008-12-10 00:16<DIR>d--------c:\program files\Starcraft
2008-11-29 21:55 . 2008-11-29 22:0194,208--a------c:\windows\ScUnin.exe
2008-11-29 21:55 . 2008-11-29 22:01967--a------c:\windows\ScUnin.pif
2008-11-20 11:17 . 2008-11-20 11:17<DIR>d--------c:\program files\Ventrilo
2008-11-20 11:17 . 2008-11-20 11:17<DIR>d--------c:\program files\Common Files\Wise Installation Wizard
2008-11-20 11:17 . 2008-11-20 11:17262--a------c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseF W.ini
2008-11-19 01:30 . 2008-12-13 22:04<DIR>d--------c:\program files\Steam
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 06:32---------d---a-wc:\documents and settings\All Users\Application Data\TEMP
2008-12-17 04:28---------d-----wc:\program files\SpywareBlaster
2008-12-17 02:231,852----a-wc:\windows\system32\ealregsnapshot1.reg
2008-12-17 00:2595,004--sha-wc:\windows\system32\gejanojo.dll
2008-12-17 00:2585,161--sha-wc:\windows\system32\fojawuka.dll
2008-12-17 00:2562,112--sha-wc:\windows\system32\tavahozu.dll
2008-12-15 09:26---------d--h--wc:\program files\InstallShield Installation Information
2008-12-14 14:02---------d-----wc:\program files\Lx_cats
2008-12-03 06:50---------d-----wc:\program files\Spybot - Search & Destroy
2008-12-03 06:50---------d-----wc:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 06:42410,984----a-wc:\windows\system32\deploytk.dll
2008-11-30 18:33---------d-----wc:\documents and settings\William\Application Data\LimeWire
2008-11-20 17:19---------d-----wc:\documents and settings\William\Application Data\Ventrilo
2008-11-14 07:42---------d-----wc:\documents and settings\William\Application Data\uTorrent
2008-11-13 19:48---------d-----wc:\program files\Common Files\DirectX
2008-11-13 19:03---------d-----wc:\documents and settings\All Users\Application Data\InstallShield
2008-11-13 18:57---------d-----wc:\program files\Gravity
2008-11-13 18:57---------d-----wc:\program files\Common Files\InstallShield
2008-11-12 04:35---------d-----wc:\program files\Windows Installer Clean Up
2008-11-12 04:35---------d-----wc:\program files\MSECache
2008-11-10 06:38---------d-----wc:\documents and settings\William\Application Data\Bioshock
2008-11-09 10:51---------d--h--rc:\documents and settings\William\Application Data\SecuROM
2008-11-08 06:52---------d--h--wc:\documents and settings\William\Application Data\ijjigame
2008-10-30 07:53---------d-----wc:\program files\Max Payne
2008-10-26 04:17107,888----a-wc:\windows\system32\CmdLineExt.dll
2008-10-26 04:16---------dc-h--wc:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-26 04:06---------d-----wc:\program files\Electronic Arts
2008-10-24 11:21455,296----a-wc:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36286,720----a-wc:\windows\system32\gdi32.dll
2008-10-20 04:47---------d-----wc:\program files\LimeWire
2008-10-16 20:38826,368----a-wc:\windows\system32\wininet.dll
2008-10-16 20:13202,776----a-wc:\windows\system32\wuweb.dll
2008-10-16 20:131,809,944----a-wc:\windows\system32\wuaueng.dll
2008-10-16 20:12561,688----a-wc:\windows\system32\wuapi.dll
2008-10-16 20:12323,608----a-wc:\windows\system32\wucltui.dll
2008-10-16 20:0992,696----a-wc:\windows\system32\cdm.dll
2008-10-16 20:0951,224----a-wc:\windows\system32\wuauclt.exe
2008-10-16 20:0943,544----a-wc:\windows\system32\wups2.dll
2008-10-16 20:0834,328----a-wc:\windows\system32\wups.dll
2008-10-16 20:06268,648----a-wc:\windows\system32\mucltui.dll
2008-10-16 20:06208,744----a-wc:\windows\system32\muweb.dll
2008-10-10 08:29164----a-wC:\install.dat
2008-10-03 10:02247,326----a-wc:\windows\system32\strmdll.dll
2008-09-30 22:431,286,152----a-wc:\windows\system32\msxml4.dll
2008-09-17 00:2562,112--sha-wc:\windows\system32\wohupuda.dll
2008-09-17 00:2562,112--sha-wc:\windows\system32\sagujele.dll
2008-08-24 21:1943,320----a-wc:\documents and settings\William\Application Data\GDIPFONTCACHEV1.DAT
2007-12-16 20:2622,328----a-wc:\documents and settings\William\Application Data\PnkBstrK.sys
2008-08-20 19:16720,896--sha-wc:\windows\Cursors\lsass.exe
2008-09-13 20:2532,768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2611847c-dfd3-4103-b166-5ddc5a703b3c}]
2008-09-16 18:2562112--ahs----c:\windows\system32\sagujele.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-06-10 11:2997064--a------c:\program files\Nero\Nero8\InCD\NBHShx.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-25 7573504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-06-10 2049320]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-15 1056928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-07-30 282624]
"5000843b"="c:\windows\system32\fojawuka.dll" [2008-12-16 85161]
"feyowijore"="c:\windows\system32\wohupuda.dll" [2008-09-16 62112]
"CPM5333b7a7"="c:\windows\system32\gejanojo.dll" [2008-12-16 95004]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe"  [2007-11-20 218496]
 
c:\documents and settings\William\Start Menu\Programs\Startup\
SpywareBlasterer.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-10-15 1320464]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\gejanojo.dll" [2008-12-16 95004]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gejanojo.dll [2008-12-16 95004]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ   scecli c:\windows\system32\lonayemu.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Creative\\Mixer\\CTSVolFE.exe"=
"c:\\Program Files\\Nero\\Nero8\\InCD\\NBHGui.exe"=
"c:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe"=
"c:\\Program Files\\TrojanHunter 5.0\\THGuard.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft blueserver
"12345:TCP"= 12345:TCP:BitComet 12345 TCP
"12345:UDP"= 12345:UDP:BitComet 12345 UDP
 
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 53032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-12-11 24652]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2007-12-11 13225]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
S3 XDva119;XDva119;\??\c:\windows\system32\XDva119.sys []
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys []
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys []
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys []
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys []
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys []
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys []
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys []
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys []
.
Jagare525
Re: Help on deleting xvyu5i4c
« Reply #14 on: Dec 17th, 2008, 12:40am »

And here's part 2 of the ComboFix log.
Contents of the 'Scheduled Tasks' folder
 
2008-12-13 c:\windows\Tasks\At18.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-15 c:\windows\Tasks\At19.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-16 c:\windows\Tasks\At2.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-17 c:\windows\Tasks\At20.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-17 c:\windows\Tasks\At25.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At26.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At27.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At28.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-15 c:\windows\Tasks\At29.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At3.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-12 c:\windows\Tasks\At30.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-11-22 c:\windows\Tasks\At31.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-11-23 c:\windows\Tasks\At32.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-04 c:\windows\Tasks\At33.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-04 c:\windows\Tasks\At34.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-02 c:\windows\Tasks\At35.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-11-26 c:\windows\Tasks\At36.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-11-29 c:\windows\Tasks\At37.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-13 c:\windows\Tasks\At38.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-13 c:\windows\Tasks\At39.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At4.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-14 c:\windows\Tasks\At40.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-14 c:\windows\Tasks\At41.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-13 c:\windows\Tasks\At42.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-15 c:\windows\Tasks\At43.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-17 c:\windows\Tasks\At44.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-17 c:\windows\Tasks\At45.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-17 c:\windows\Tasks\At46.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-15 c:\windows\Tasks\At47.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-17 c:\windows\Tasks\At48.job
- c:\windows\system32\xvyu5i4c.exe []
 
2008-12-16 c:\windows\Tasks\At49.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At5.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-16 c:\windows\Tasks\At50.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-16 c:\windows\Tasks\At51.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-16 c:\windows\Tasks\At52.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At53.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At54.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At55.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At56.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At57.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At58.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At59.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-12 c:\windows\Tasks\At6.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-15 c:\windows\Tasks\At60.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At61.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At62.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At63.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At64.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At65.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At66.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At67.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-17 c:\windows\Tasks\At68.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-17 c:\windows\Tasks\At69.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-11-22 c:\windows\Tasks\At7.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-17 c:\windows\Tasks\At70.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-15 c:\windows\Tasks\At71.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-12-17 c:\windows\Tasks\At72.job
- c:\windows\system32\oAUjw6cS.exe [2008-12-15 03:48]
 
2008-11-23 c:\windows\Tasks\At8.job
- c:\windows\system32\cuRtnM8A.exe []
 
2008-12-04 c:\windows\Tasks\At9.job
- c:\windows\system32\cuRtnM8A.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {080CA695-1D92-430A-9BBC-8D7B959F4BBD} = 68.94.156.1,68.94.157.1
TCP: {64EB0BD6-4DDE-4384-BDEC-EA507E354AEA} = 192.168.1.1,4.2.2.2
TCP: {E657BE01-4D52-4B7A-AED1-D4F1727D76B6} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\9mtao6tf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage www.gamefaqs.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
 
************************************************************************ **
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 00:32:47
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
 
c:\windows\system32\drivers\mchInjDrv.sys
 
scan completed successfully
hidden files: 1
 
************************************************************************ **
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\iPod\bin\iPodService.exe
.
************************************************************************ **
.
Completion time: 2008-12-17  0:36:15 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-17 06:36:12
ComboFix2.txt  2008-12-17 04:49:30
 
Pre-Run: 3,274,866,688 bytes free
Post-Run: 3,271,536,640 bytes free
 
382--- E O F ---2008-12-12 09:04:21