
Trojan.Stwoyle


4 replies to this topic

#1 FalconFire

FalconFire

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 06 October 2005 - 03:26 AM

Hi guys.. I'm really having a big problem atm, and because you guys helped someone out already, maybe you can help me too :thumbsup:

I'm getting a message and I've tried many, many things to get rid of it, but it didn't help.

I've tried topics of other people with the same message and they all end up deleting something like " c:\program files\daily weather forecast\ " but I don't have that map at all. I've tried several online scans too, like Kaspersky and Ewido. And they did find stuff, and I've deleted them but still the virus is coming back :flowers: :trumpet:

I tried a program like killbox (don't know if it's familiar to you guys) but again it came back. Some guys told me to install win32delfkil.exe because they thought it was some sort of winstyle pest. :inlove: :huh:

I can send you the log that was created in kaspersky and also my hjt-log if needed. PLEASE HELP ME!! I'll try anything to get rid of this JUNK!!

Many thanks.. FireFox

Edited by FalconFire, 06 October 2005 - 03:28 AM.




#2 FalconFire

FalconFire
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 06 October 2005 - 03:30 AM

Oh yeah If you want my winpfind-log:

here it is already:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
qoologic 6-10-2005 9:56:22 202953 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 22-8-2004 18:04:56 69120 C:\WINDOWS\daemon.dll
UPX! 3-5-2005 11:44:44 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 11-9-2005 20:47:00 170053 C:\WINDOWS\tsc.exe
PECompact2 11-9-2005 20:46:58 15778065 C:\WINDOWS\VPTNFILE.829
qoologic 11-9-2005 20:46:58 15778065 C:\WINDOWS\VPTNFILE.829
SAHAgent 11-9-2005 20:46:58 15778065 C:\WINDOWS\VPTNFILE.829
UPX! 11-9-2005 20:49:18 1044560 C:\WINDOWS\vsapi32.dll
aspack 11-9-2005 20:49:18 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 5-7-2002 16:12:06 27136 C:\WINDOWS\SYSTEM32\AuthDVD.DLL
PEC2 7-9-2001 7:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 15-7-2005 20:36:36 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 15-7-2005 20:36:36 692736 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 18-2-2003 11:58:36 90112 C:\WINDOWS\SYSTEM32\dprsx.dll
PTech 3-8-2005 10:33:42 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8-9-2005 21:36:34 2004832 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 9-9-2002 23:08:02 650752 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 7-9-2001 7:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 21-10-2002 20:13:00 1301704 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6-10-2005 8:43:26 S 2048 C:\WINDOWS\bootstat.dat
19-8-2005 13:38:34 H 231424 C:\WINDOWS\x74ca5e40.tmp
14-9-2005 21:28:46 H 0 C:\WINDOWS\inf\NVAUtlml.inf
14-9-2005 21:28:46 H 0 C:\WINDOWS\inf\NVAUtlml.PNF
3-10-2005 23:48:36 H 0 C:\WINDOWS\inf\oem12.inf
14-9-2005 21:30:20 H 0 C:\WINDOWS\inf\oem17.inf
14-9-2005 21:30:20 H 0 C:\WINDOWS\inf\oem17.PNF
14-9-2005 21:32:22 H 0 C:\WINDOWS\inf\oem18.inf
14-9-2005 21:32:22 H 0 C:\WINDOWS\inf\oem18.PNF
14-9-2005 21:32:22 H 0 C:\WINDOWS\inf\oem19.inf
14-9-2005 21:32:22 H 0 C:\WINDOWS\inf\oem19.PNF
14-9-2005 21:34:22 H 0 C:\WINDOWS\inf\oem20.inf
14-9-2005 21:34:22 H 0 C:\WINDOWS\inf\oem20.PNF
14-9-2005 21:28:42 H 0 C:\WINDOWS\inf\oem7.inf
14-9-2005 21:28:42 H 0 C:\WINDOWS\inf\oem7.PNF
30-9-2005 0:11:54 H 0 C:\WINDOWS\LastGood\INF\oem11.inf
30-9-2005 0:11:54 H 0 C:\WINDOWS\LastGood\INF\oem11.PNF
3-10-2005 23:48:36 H 0 C:\WINDOWS\LastGood\INF\oem12.inf
3-10-2005 23:48:36 H 0 C:\WINDOWS\LastGood\INF\oem12.PNF
3-10-2005 23:50:36 H 0 C:\WINDOWS\LastGood\INF\oem21.inf
3-10-2005 23:50:36 H 0 C:\WINDOWS\LastGood\INF\oem21.PNF
5-10-2005 10:24:32 H 0 C:\WINDOWS\LastGood\INF\oem22.inf
5-10-2005 10:24:32 H 0 C:\WINDOWS\LastGood\INF\oem22.PNF
5-10-2005 10:24:32 H 0 C:\WINDOWS\LastGood\INF\oem23.inf
5-10-2005 10:24:32 H 0 C:\WINDOWS\LastGood\INF\oem23.PNF
5-10-2005 16:21:40 H 0 C:\WINDOWS\LastGood\INF\oem24.inf
5-10-2005 16:21:40 H 0 C:\WINDOWS\LastGood\INF\oem24.PNF
29-9-2005 23:46:24 H 0 C:\WINDOWS\LastGood\INF\oem9.inf
29-9-2005 23:46:24 H 0 C:\WINDOWS\LastGood\INF\oem9.PNF
29-9-2005 20:43:52 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
29-9-2005 20:43:52 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
29-9-2005 20:47:44 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
29-9-2005 20:47:44 H 0 C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF
21-9-2005 10:32:14 RHS 26494 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
6-10-2005 9:44:58 H 1024 C:\WINDOWS\system32\config\default.LOG
6-10-2005 8:44:04 H 1024 C:\WINDOWS\system32\config\SAM.LOG
6-10-2005 8:44:54 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
6-10-2005 9:59:08 H 1024 C:\WINDOWS\system32\config\software.LOG
6-10-2005 9:43:36 H 1024 C:\WINDOWS\system32\config\system.LOG
15-9-2005 21:32:48 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
14-9-2005 18:57:38 HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
14-9-2005 17:58:38 H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
15-9-2005 17:52:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\19a0072a-e8be-4047-a750-558d38c2e322
5-9-2005 23:12:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\500041b9-dcd5-4696-b30b-18274bcff09d
15-9-2005 17:52:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
17-8-2005 23:04:22 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1a0bfbc0-8332-4155-b45f-4958360cbf5f
14-9-2005 21:43:50 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3e7e7a0d-9323-45e2-bd68-ba10fb447a51
14-9-2005 21:43:50 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
15-9-2005 21:20:50 S 77034 C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\CX_26409.CAT
15-9-2005 21:20:50 S 77034 C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_26409.CAT
14-9-2005 21:57:32 RHS 13698 C:\WINDOWS\system32\Restore\filelist.xml
6-10-2005 8:43:40 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
19-8-2003 9:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 7-9-2001 7:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc. 19-6-2002 16:58:00 629248 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 9-9-2002 23:08:54 583168 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 9-9-2002 23:08:54 131584 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 30-9-2004 17:17:14 135168 C:\WINDOWS\SYSTEM32\DIRECTX.CPL
Microsoft Corporation 7-9-2001 7:00:00 151552 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 26-5-2003 5:12:14 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 9-9-2002 23:08:54 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 9-9-2002 23:08:54 124928 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 9-9-2002 23:08:54 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 3-6-2005 3:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7-9-2001 7:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 22-2-2003 4:58:26 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 7-9-2001 7:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7-9-2001 7:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 7-9-2001 7:00:00 259584 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5-5-2002 10:18:00 R 36864 C:\WINDOWS\SYSTEM32\NVACpl.cpl
Microsoft Corporation 7-9-2001 7:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 7-9-2001 7:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 16-4-2004 16:33:56 324096 C:\WINDOWS\SYSTEM32\QuickTime.cpl
12-8-2003 3:11:00 401408 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation 9-9-2002 23:08:54 272384 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7-9-2001 7:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 7-9-2001 7:00:00 90624 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 26-5-2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 7-9-2001 7:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 9-9-2002 23:08:54 583168 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 7-9-2001 7:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29-8-2002 19:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 7-9-2001 7:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 7-9-2001 7:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 7-9-2001 7:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 7-9-2001 7:00:00 259584 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 7-9-2001 7:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 7-9-2001 7:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 9-9-2002 23:08:54 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 7-9-2001 7:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 7-9-2001 7:00:00 90624 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp. 1-7-2004 18:22:58 15692800 C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\ALSNDMGR.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
5-2-2003 9:30:08 HS 84 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
30-9-2005 12:05:34 1734 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5-2-2003 9:17:50 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
5-2-2003 9:30:08 HS 84 C:\Documents and Settings\Lars en Wietse.EIGENAAR-459VGR\Menu Start\Programma's\Opstarten\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

Items found in C:\Documents and Settings\Lars en Wietse.EIGENAAR-459VGR\Application Data\.googlewebacchosts

3-10-2005 17:19:12 0 C:\Documents and Settings\Lars en Wietse.EIGENAAR-459VGR\Application Data\.googlewebacchosts
5-2-2003 9:17:50 HS 62 C:\Documents and Settings\Lars en Wietse.EIGENAAR-459VGR\Application Data\desktop.ini
28-9-2005 19:16:18 13936 C:\Documents and Settings\Lars en Wietse.EIGENAAR-459VGR\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus 2005\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus 2005\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus 2005\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus 2005\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Mediabalk = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus 2005\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
C:\WINDOWS\Options\OEMReset.exe /Audit
SoundMan SOUNDMAN.EXE
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Time Sync C:\Program Files\Time Sync\time.exe
Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6-10-2005 10:00:51
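The WinPFind log above lists files by the packer or scanner signature that matched them ("UPX!", "PECompact2", "aspack", "qoologic", ...), one line per match, so a file that trips several signatures appears several times. The short parser below, written as an added example for this thread and not part of WinPFind or of any post here, reads lines of that shape, records which "Checking ..." section each hit came from, and groups the signature tags per path so a helper can see at a glance which files matched more than one signature. The sample log embedded in it is constructed from a handful of the lines quoted in the post; the function names are the example's own. As the log's own warning says, a packer hit is not a verdict: MRT.exe in the sample is Microsoft's Malicious Software Removal Tool, and it is legitimately packed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines in the shape of the WinPFind signature hits
# quoted in the post (tag, day-month-year, time, size in bytes, path).
SAMPLE_LOG = """\
Checking %WinDir% folder...
UPX! 22-8-2004 18:04:56 69120 C:\\WINDOWS\\daemon.dll
PECompact2 11-9-2005 20:46:58 15778065 C:\\WINDOWS\\VPTNFILE.829
qoologic 11-9-2005 20:46:58 15778065 C:\\WINDOWS\\VPTNFILE.829
UPX! 11-9-2005 20:49:18 1044560 C:\\WINDOWS\\vsapi32.dll
aspack 11-9-2005 20:49:18 1044560 C:\\WINDOWS\\vsapi32.dll

Checking %System% folder...
PECompact2 8-9-2005 21:36:34 2004832 C:\\WINDOWS\\SYSTEM32\\MRT.exe
aspack 8-9-2005 21:36:34 2004832 C:\\WINDOWS\\SYSTEM32\\MRT.exe
"""

# A signature hit: tag, d-m-yyyy date, h:mm:ss time, size, then the path.
# Lines from the hidden-files section start with a date, not a tag, and so
# do not match; that section carries attribute letters instead of a tag.
HIT_RE = re.compile(
    r"^(?P<tag>\S+) (?P<date>\d{1,2}-\d{1,2}-\d{4}) "
    r"(?P<time>\d{1,2}:\d{2}:\d{2}) (?P<size>\d+) (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^Checking (?P<name>.+?) folder")


def parse_winpfind(text):
    """Return one dict per signature hit, tagged with its log section."""
    entries = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        hit = HIT_RE.match(line)
        if not hit:
            continue
        when = datetime.strptime(
            hit.group("date") + " " + hit.group("time"), "%d-%m-%Y %H:%M:%S"
        )
        entries.append({
            "tag": hit.group("tag"),
            "when": when,
            "size": int(hit.group("size")),
            "path": hit.group("path"),
            "section": section,
        })
    return entries


def tags_by_path(entries):
    """Map each path to the sorted list of signature tags that matched it."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[e["path"]].add(e["tag"])
    return {path: sorted(tags) for path, tags in grouped.items()}


def multi_signature_paths(entries):
    """Paths that matched more than one signature, sorted for stable output.

    This is a triage aid only: packed files are common in legitimate
    software (the sample's MRT.exe is Microsoft's own removal tool), so a
    hit here means 'look closer', not 'malicious'.
    """
    return sorted(p for p, tags in tags_by_path(entries).items() if len(tags) > 1)


if __name__ == "__main__":
    hits = parse_winpfind(SAMPLE_LOG)
    for path, tags in sorted(tags_by_path(hits).items()):
        print(f"{path}: {', '.join(tags)}")
    print("multiple signatures:", multi_signature_paths(hits))
```

To run it over a real log, read the WinPFind.Txt file into a string and pass it to parse_winpfind; the section name attached to each entry tells you whether a hit came from %WinDir%, %System% or a startup folder, which is the first thing a helper reading such a log wants to know.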

#3 FalconFire

FalconFire
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 06 October 2005 - 09:31 AM

Aaww.. sorry for being such a rude pig by not introducing myself here.. :thumbsup: :flowers: :trumpet:

It's just that the virus drives me crazy. And because I also tried many solutions already..

Another thing is: I think I've posted this topic in the wrong place :inlove: sorry for that as well!!

Sorry Sorry Sorry... But can anyone please help me out :huh: :huh:

Edited by FalconFire, 06 October 2005 - 09:32 AM.


#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:04 PM

Posted 06 October 2005 - 03:50 PM

Welcome to Bleeping Computer, FalconFire.

I suggest you post a HijackThis log for examination.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#5 rvandertak

rvandertak

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 14 October 2005 - 01:09 AM

Aaww.. sorry for being such a rude pig by not introducing myself here.. :thumbsup: :flowers: :trumpet:

It's just that the virus drives me crazy. And because I also tried many solutions already..

Another thing is: I think I've posted this topic in the wrong place :inlove: sorry for that as well!!

Sorry Sorry Sorry... But can anyone please help me out :huh: :huh:


start with this

Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.

The computer will reboot automatically and after the reboot the infection should be killed.

reboot & post a fresh HJT log



