Unknown Possible Virus

XiKeiyaZI
2007-07-17, 05:08
The computer in question is a Sony Vaio. This was brought to me by a friend, and from what I can tell, it's loaded with spyware, and as you would think, running a basic scan would wipe out a majority of the invading programs.

There is an issue, however. About every 2 minutes, the computer restarts itself. I opened MSConfig and negated the running process of all files that looked unsafe, and ended processes in the task manager which I knew should not be run, and that bought me just enough time to run a HijackThis session and save the file to a jump drive where I could post it on the forums.

Any help or information which may lead to the resolution of this issue would be highly appreciated.

Below are the results of the HijackThis log file.


Logfile of HijackThis v1.99.1
Scan saved at 9:59:28 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINDOWS\system32\tuvsspn.dll
O2 - BHO: C:\WINDOWS\system32\fs6ehnf8jd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\fs6ehnf8jd.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0e319901408d4dbdb13959982016f9b2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0e319901408d4dbdb13959982016f9b2
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tuvsspn - C:\WINDOWS\SYSTEM32\tuvsspn.dll
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\grcf.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
EDIT: http://forums.spybot.info/showthread.php?t=13261

Shaba
2007-07-17, 10:52
Hi XiKeiyaZI

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

XiKeiyaZI
2007-07-20, 05:45
Okay, I ran VundoFix and it found two files. It couldn't remove both of them. However, I could never get the file from VundoFix, because the computer is now randomly restarting about every 20 seconds. Below is the updated HijackThis log after VundoFix.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:06 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINDOWS\system32\tuvsspn.dll
O2 - BHO: C:\WINDOWS\system32\fs6ehnf8jd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\fs6ehnf8jd.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tuvsspn - C:\WINDOWS\SYSTEM32\tuvsspn.dll
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\grcf.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Shaba
2007-07-20, 11:03
Hi

1. Download ComboFix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

XiKeiyaZI
2007-07-20, 17:33
::COMBOFIX::
2005-08-02 14:08 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wanpacket.dll.vir
2005-08-02 14:08 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2005-08-02 14:10 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2005-08-02 14:18 233472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2005-08-02 14:24 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2007-04-06 01:39 100 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\SpySheriff.dvm.vir
2007-04-06 01:39 115200 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\Uninstall.exe.vir
2007-04-06 01:39 1202187 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\Install.dat.vir
2007-04-06 01:39 18132 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\removed.wav.vir
2007-04-06 01:39 21126 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\notfound.wav.vir
2007-04-06 01:39 268 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\base001.avd.vir
2007-04-06 01:39 33004 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\base002.avd.vir
2007-04-06 01:39 36864 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur002.dll.vir
2007-04-06 01:39 40960 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur003.dll.vir
2007-04-06 01:39 410880 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\base.avd.vir
2007-04-06 01:39 415232 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\SpySheriff.exe.vir
2007-04-06 01:39 45056 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur001.dll.vir
2007-04-06 01:39 57344 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur000.dll.vir
2007-04-06 01:39 7304 --a------ C:\Qoobox\Quarantine\C\Program Files\SpySheriff\found.wav.vir
2007-05-11 19:01 2 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32RunOnce2.t__.vir
2007-05-11 19:01 2 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32RunOnce2.tm_.vir
2007-05-11 19:01 46592 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB93736873.exe.vir
2007-05-11 19:02 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\3_exception.nls.vir
2007-05-11 19:02 10000 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\FS6EHN~1.DLL.vir
2007-05-11 19:02 13824 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB57455861.exe.vir
2007-05-11 19:02 152576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\windbg48.sys.vir
2007-05-11 19:02 18944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB92380205.exe.vir
2007-05-11 19:02 25088 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\koos.exe.vir
2007-05-11 19:02 30208 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\poof.vir
2007-05-11 19:02 32633 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rpcc.exe.vir
2007-05-11 19:02 34829 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB34216966.exe.vir
2007-05-11 19:02 34829 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB44105609.exe.vir
2007-05-11 19:02 3712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ksys.sys.vir
2007-05-11 19:02 38968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB17836474.exe.vir
2007-05-11 19:02 38968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB62062812.exe.vir
2007-05-11 19:02 56 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce2.t__.vir
2007-05-11 19:02 6144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kprof.vir
2007-05-11 19:02 84480 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB35862658.exe.vir
2007-05-11 19:02 84480 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winupd_KB95349334.exe.vir
2007-05-11 19:03 502272 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
2007-07-20 10:18 7424 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir
2007-07-20 10:26 1172 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_POOF.reg.cf
2007-07-20 10:26 1196 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NDNET1.reg.cf
2007-07-20 10:26 1208 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_EXAMPLE.reg.cf
2007-07-20 10:26 1208 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-07-20 10:26 2050 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
2007-07-20 10:26 2056 --a------ C:\Qoobox\Quarantine\Registry_backups\services_kprof.reg.cf
2007-07-20 10:26 2338 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NETDown.reg.cf
2007-07-20 10:26 2348 --a------ C:\Qoobox\Quarantine\Registry_backups\services_poof.reg.cf
2007-07-20 10:26 750 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Runtime.reg.cf
2007-07-20 10:26 782 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NDnet1.reg.cf
2007-07-20 10:26 788 --a------ C:\Qoobox\Quarantine\Registry_backups\services_EXAMPLE.reg.cf
2007-07-20 10:26 808 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETDOWN.reg.cf
2007-07-20 10:27 106 --a------ C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is 0445-2C1F
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |
    +---C
    |   +---DOCUME~1
    |   |   \---Owner
    |   |       \---APPLIC~1
    |   |               Install.dat.vir
    |   |
    |   +---Program Files
    |   |   \---SpySheriff
    |   |           base.avd.vir
    |   |           base001.avd.vir
    |   |           base002.avd.vir
    |   |           found.wav.vir
    |   |           heur000.dll.vir
    |   |           heur001.dll.vir
    |   |           heur002.dll.vir
    |   |           heur003.dll.vir
    |   |           notfound.wav.vir
    |   |           removed.wav.vir
    |   |           SpySheriff.dvm.vir
    |   |           SpySheriff.exe.vir
    |   |           Uninstall.exe.vir
    |   |
    |   \---WINDOWS
    |       |   system32RunOnce2.tm_.vir
    |       |   system32RunOnce2.t__.vir
    |       |
    |       \---system32
    |           |   3_exception.nls.vir
    |           |   FS6EHN~1.DLL.vir
    |           |   koos.exe.vir
    |           |   kprof.vir
    |           |   ksys.sys.vir
    |           |   packet.dll.vir
    |           |   poof.vir
    |           |   pthreadVC.dll.vir
    |           |   rpcc.exe.vir
    |           |   RunOnce2.t__.vir
    |           |   wanpacket.dll.vir
    |           |   windbg48.sys.vir
    |           |   winlogon.exe.vir
    |           |   winupd_KB17836474.exe.vir
    |           |   winupd_KB34216966.exe.vir
    |           |   winupd_KB35862658.exe.vir
    |           |   winupd_KB44105609.exe.vir
    |           |   winupd_KB57455861.exe.vir
    |           |   winupd_KB62062812.exe.vir
    |           |   winupd_KB92380205.exe.vir
    |           |   winupd_KB93736873.exe.vir
    |           |   winupd_KB95349334.exe.vir
    |           |   wpcap.dll.vir
    |           |
    |           \---drivers
    |                   ip6fw.sys.vir
    |                   npf.sys.vir
    |
    \---Registry_backups
            LEGACY_EXAMPLE.reg.cf
            LEGACY_NDNET1.reg.cf
            LEGACY_NETDOWN.reg.cf
            LEGACY_POOF.reg.cf
            LEGACY_RUNTIME.reg.cf
            services_EXAMPLE.reg.cf
            services_kprof.reg.cf
            services_NDnet1.reg.cf
            services_NETDown.reg.cf
            services_NPF.reg.cf
            services_poof.reg.cf
            services_Runtime.reg.cf
::HIJACKTHIS::

Logfile of HijackThis v1.99.1
Scan saved at 10:32, on 2007-07-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINDOWS\system32\tuvsspn.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0e319901408d4dbdb13959982016f9b2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0e319901408d4dbdb13959982016f9b2
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou3viewer.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tuvsspn - C:\WINDOWS\SYSTEM32\tuvsspn.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Shaba
2007-07-20, 18:03
Hi

I want this log, too -> C:\ComboFix.txt

Please post it next :)

Shaba
2007-07-27, 10:44
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

tashi
2007-07-27, 17:34
XiKeiyaZI.

Please do not request assistance here again, without bearing in mind that we expect you to follow up.

We have found third party threads are often archived for lack of feedback when the owner of the PC is not the one posting.

Regards.