9 Posts

July 15th, 2007 22:00

HIJACK THIS LOG... Error while scanning + Vundo virus

Hi, I followed the directions to create a HijackThis log, and while I was on the Analyze This stage, I clicked the Analyze button and what came up was a message that said there was an error. It said I can either exit or send an error report.
 
I think my Vundo virus that my Trend Micro cillin detected is causing me to not be able to use HijackThis. Anyway, the actual problem I have is that I use Trend Micro cillin, and every time I log onto my desktop for the past week it gives me a 10-page error that just says Possible Vundo-1 and the infected file is C:\WINDOWS\system32\awvvt.dll.
 
Sorry I can't be of more help. Can anyone else help?
 
Ty Frank

9 Posts

July 15th, 2007 22:00

Here is what it said
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rxsequod.dll",forkonce
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\ICROSO~1.NET\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 8456 bytes

4 Apprentice

20.5K Posts

July 16th, 2007 09:00

Welcome :)

Your log is missing the top with the time and date. Please post your complete log so we can continue. Thanks. :)

Message Edited by Bugbatter on 07-16-2007 06:02 AM

9 Posts

July 18th, 2007 22:00

New Combo Fix Log
 
"Frank" - 2007-07-18 19:08:08 - ComboFix 07-07-17.8 - Service Pack 2  NTFS 

((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\awtqnnl.dll
C:\WINDOWS\system32\fccaabx.dll
C:\WINDOWS\system32\qomjged.dll
C:\WINDOWS\system32\awtqnnl.dll
C:\WINDOWS\system32\fccaabx.dll
C:\WINDOWS\system32\qomjged.dll
C:\WINDOWS\system32\byxywvv.dll
C:\WINDOWS\system32\byxywvv.dll

* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Frank\APPLIC~1.\Ultimate Cleaner
C:\DOCUME~1\Frank\APPLIC~1.\Ultimate Cleaner\settings.dat
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\icroso~1.net

(((((((((((((((((((((((((   Files Created from 2007-06-18 to 2007-07-18  )))))))))))))))))))))))))))))))

2007-07-18 19:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 19:07 1,180,958 --a------ C:\Program Files\ComboFix.exe
2007-07-18 01:36 109,056 --a------ C:\Program Files\VundoFix.exe
2007-07-15 20:02 1,154,132 --a------ C:\Program Files\rr-pro-setup.exe
2007-07-15 20:02   d-------- C:\Program Files\RogueRemover PRO
2007-07-15 19:07 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-07-14 14:42 251,392 --a------ C:\Program Files\hijackthis_sfx.exe
2007-07-14 14:36   d-------- C:\DOCUME~1\Frank\APPLIC~1\Uniblue
2007-07-11 00:40   d-------- C:\WINDOWS\system32\appmgmt
2007-07-11 00:25   d-------- C:\WINDOWS\network diagnostic
2007-07-10 22:37   d-------- C:\Program Files\Lavasoft
2007-07-10 22:37   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-10 22:24   d-------- C:\VundoFix Backups
2007-07-09 02:32 23,040 --a------ C:\WINDOWS\system32\winjyp32.dll
2007-07-04 18:10   d-------- C:\Program Files\PokerStars

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-18 22:32:36 -------- d-----w C:\DOCUME~1\Frank\APPLIC~1\Xfire
2007-07-18 17:15:02 32,768 ----a-w C:\Program Files\channelclub-july15-aug11.xls
2007-07-16 00:02:52 2,014 ---h--r C:\WINDOWS\system32\drivers\hosts
2007-07-15 23:39:50 -------- d-----w C:\Program Files\World of Warcraft
2007-07-15 23:07:31 -------- d-----w C:\Program Files\Trend Micro
2007-07-14 17:30:52 -------- d-s---w C:\Program Files\Xfire
2007-07-11 18:43:02 56 --sh--r C:\WINDOWS\system32\068DFF86AE.sys
2007-07-11 18:43:01 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-11 04:40:31 -------- d-----w C:\Program Files\Call of Duty
2007-07-11 04:37:07 -------- d-----w C:\Program Files\KnightOnline
2007-07-11 04:36:59 -------- d-----w C:\Program Files\LimeWire
2007-07-11 02:37:18 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-15 22:31:05 -------- d-----w C:\DOCUME~1\Frank\APPLIC~1\Corel
2007-06-12 23:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-12 23:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 22:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-06-11 01:06:04 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-06-09 19:55:12 810,636 ----a-w C:\Program Files\WoW-2.1.1.6739-to-0.1.2.6757-enUS-downloader.exe
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-26 23:05:23 -------- d-----w C:\DOCUME~1\Frank\APPLIC~1\SecondLife
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2006-10-02 22:36:55 5,917,128 ----a-w C:\Program Files\PartyPokerSetup.exe
2006-09-11 20:01:05 2,409,376 ----a-w C:\Program Files\xfire_installer_21654.exe
2006-09-03 00:23:21 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2006-08-19 02:44:20 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09AAC204-1874-43C3-ABDE-09CA55F04455}]
   C:\WINDOWS\system32\awvvt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15E0BE21-A4CE-4C97-8875-2EE985B2C434}]
   C:\WINDOWS\system32\mljgd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
2004-02-05 18:26 139536 --a------ C:\Program Files\NetZero\qsacc\x1IEBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64C070DB-E4F5-4AFD-B529-5727F2122849}]
   C:\WINDOWS\system32\mljgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-22 10:30 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-06-14 15:17 94208 --a------ C:\Program Files\BAE\BAE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"@"="" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 19:04]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:30]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Uaol"="C:\WINDOWS\system32\ICROSO~1.NET\netdde.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
C:\DOCUME~1\Frank\STARTM~1\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-07-10 21:07:46]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-13 19:01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1FB63E52-4D6E-48C1-A08F-F630FE50F337}"="C:\WINDOWS\system32\byxywvv.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxywvv]
byxywvv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]
winjyp32.dll --a------ 2007-07-09 02:32 23040 C:\WINDOWS\system32\winjyp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

**************************************************************************
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 19:13:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"OfflineDetectionPending"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-18 19:14:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-18 19:13
 --- E O F ---

4 Apprentice

20.5K Posts

July 19th, 2007 00:00

I will reply to you in your other thread. We can close this one.