
Disappearing Desktop/Taskbar, Possible Virus?


  • This topic is locked

#1 Mayummi

Posted 12 May 2008 - 09:57 PM

It started about 3 days ago when my Kaspersky Anti-Virus alerted me that C:\WINDOWS\system32\rundll32.exe was an "invader" and asked for my decision whether to allow or block the process. I google'd what C:\WINDOWS\system32\rundll32.exe was and decided to block the process (a big mistake, apparently).

Upon blocking C:\WINDOWS\system32\rundll32.exe, I noticed that my Spybot showed me an alert or change to my computer and kept showing alerts one after another, so I decided to restart my computer. When I had restarted my computer and proceeded to log onto my account, I noticed it took quite some time to load, but waited for it to load anyway. As soon as it loaded into my account, I noticed my taskbar was gone as well as my desktop icons.

I've tried doing explorer.exe from Task Manager, but it was only a temporary fix. Temporary meaning my taskbar and desktop icons did show, but they disappeared again. What I also did was disable my Kaspersky, after which everything was working properly, but when I decided to restart my computer again, the problem came back. As of right now, my taskbar disappears and reappears, only to stay up for about 30 seconds, then disappears again.

Any possible chance that it could just be a virus instead?

Here's my ComboFix log:

ComboFix 08-05-12.1 - Sydney 2008-05-12 16:35:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1429 [GMT -10:00]
Running from: C:\Documents and Settings\Sydney\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DdNVFfhk.ini
C:\WINDOWS\system32\DdNVFfhk.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-12 00:22 . 2008-05-12 00:22 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-12 00:22 . 2008-05-12 00:22 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-12 00:16 . 2008-05-12 16:45 811,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-12 00:16 . 2008-05-12 16:41 13,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-12 00:16 . 2008-05-12 16:41 10,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 00:16 . 2008-05-12 16:41 2,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-11 23:58 . 2008-05-11 23:58 320,640 --a------ C:\WINDOWS\system32\khfFVNdD.dll
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-11 19:10 . 2008-05-11 19:10 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-05-10 18:35 . 2008-05-11 21:30 345 --ahs---- C:\WINDOWS\system32\AbKjQqru.ini
2008-05-10 11:28 . 2008-05-10 11:28 <DIR> d-------- C:\Program Files\Antivirus 2008
2008-05-10 11:28 . 2008-05-10 11:28 29,312 --a------ C:\WINDOWS\system32\yayyyvVN.dll
2008-05-07 20:09 . 2008-05-07 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-07 20:04 . 2008-05-07 20:05 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-07 20:04 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-07 20:03 . 2008-05-07 20:03 <DIR> d-------- C:\ATI
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-05-07 17:45 . 2008-03-28 17:43 3,176,480 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-07 17:45 . 2008-03-28 20:21 2,873,856 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-07 17:45 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-07 17:45 . 2008-03-28 17:36 1,765,120 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-05-07 17:45 . 2004-08-03 22:29 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-07 17:45 . 2004-08-04 00:56 516,768 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-05-07 17:45 . 2008-03-28 18:04 299,008 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-05-07 17:45 . 2004-08-04 00:56 201,728 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2008-05-07 15:46 . 2008-05-07 18:22 8,560 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-30 22:29 . 2008-04-30 22:30 21,764,808 --a------ C:\Documents and Settings\Sydney\WoW-2.4.1.8125-to-0.4.2.8209-enUS-patch.exe
2008-04-19 17:06 . 2008-04-19 17:06 <DIR> d-------- C:\Documents and Settings\Sydney\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-12 10:02 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 06:09 --------- d-----w C:\Documents and Settings\Sydney\Application Data\ATI
2008-05-08 06:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-19 07:45 --------- d-----w C:\Program Files\World of Warcraft
2008-04-17 07:22 --------- d-----w C:\Documents and Settings\Sydney\Application Data\FrostWire
2008-04-15 22:49 --------- d-----w C:\Program Files\Java
2008-04-11 08:38 --------- d-----w C:\Program Files\FrostWire
2008-04-10 05:35 --------- d-----w C:\Program Files\Steam
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-25 10:55 267,592 -c--a-w C:\Program Files\Uninstall Ask Toolbar.dll
2008-03-25 08:23 --------- d-----w C:\Program Files\AIM6
2008-03-25 07:53 --------- d-----w C:\Program Files\Viewpoint
2008-03-25 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-13 06:38 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-01-04 01:37 4,346,084 -c--a-w C:\Documents and Settings\Sydney\WoW-2.3.0.7561-to-0.3.2.7627-enUS-patch.exe
2005-10-19 06:23 56 -csh--r C:\WINDOWS\system32\81613E1A49.sys
2005-10-19 06:24 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EEF3D9D-0938-49AC-8475-4102B3AE60BB}]
2008-05-11 23:58 320640 --a------ C:\WINDOWS\system32\khfFVNdD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD1AE66D-BF5D-42A6-A406-F6ACEB7C5DE6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9AB28FA-ED73-4E5E-BA11-0925D85120D1}]
2008-05-10 11:28 29312 --a------ C:\WINDOWS\system32\yayyyvVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 10:50 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B9AB28FA-ED73-4E5E-BA11-0925D85120D1}"= C:\WINDOWS\system32\yayyyvVN.dll [2008-05-10 11:28 29312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-02 11:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyvVN]
yayyyvVN.dll 2008-05-10 11:28 29312 C:\WINDOWS\system32\yayyyvVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2008-03-06 10:50 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard]
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2004-10-13 06:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2004-08-03 21:56 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-10-09 19:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AASW2_Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 11:38]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-10-20 17:01]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 b1e4A6;b1e4A6;C:\WINDOWS\system32\b1e4A6.sys [2008-02-01 16:00]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-30 19:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 09:57:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 02:56:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-11 06:05:05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 16:43:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\Sydney\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yayyyvVN.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\khfFVNdD.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-05-12 16:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 02:47:50

Pre-Run: 152,629,706,752 bytes free
Post-Run: 152,983,805,952 bytes free

286 --- E O F --- 2008-01-17 00:47:52


#2 RatHat


Posted 13 May 2008 - 09:19 AM

You have posted this problem at geekstogo, bleeping computer and other forums, and are receiving assistance from ndmmxiaomayi here.

Don't waste helpers' time by posting on multiple forums. Take a look at the forums that you are posting at and you will see that each forum is overrun by people requiring assistance. All you are doing is causing a drain on very limited resources.

Topic closed.

Edited by RatHat, 13 May 2008 - 09:34 AM.
