my google is in Dutch

Now I don't mind learning another language, but this is kind of ridiculous to say the least, and I don't know how to fix it. I tried to go into options and whatnot but it goes right back, so I am lost. It seemed to happen right before I was alerted that I am infected and PC-whatever could fix it if I bought their code. I don't know about where you all are from, but where I am that is extortion. Is there anything I can do to get rid of it? It gets so bad I have to shut the computer down by hand because the computer is locked from this thing, and then I go into safe mode and do a system restore and it will go away for a while. Please tell me I am not the only one this thing has attached itself to?

Re: my google is in Dutch

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Re: my google is in Dutch

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.504.304 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\nfo
c:\documents and settings\All Users\Application Data\nfo\arch\195.dfn
c:\documents and settings\All Users\Application Data\nfo\keys.dat
c:\documents and settings\All Users\Application Data\nfo\mon0104.dbd
c:\documents and settings\All Users\Application Data\nfo\mon0106.ddx
c:\documents and settings\All Users\Application Data\nfo\mon0204.ddx
c:\documents and settings\All Users\Application Data\nfo\mon0315.ddx
c:\documents and settings\All Users\Application Data\nfo\mon0412.ddx
c:\documents and settings\All Users\Application Data\nfo\mon0504.ddx
c:\documents and settings\All Users\Application Data\nfo\mon0904.ddx
c:\documents and settings\All Users\Application Data\nfo\mon1125.ddx
c:\documents and settings\All Users\Application Data\nfo\mon1204.ddx
c:\documents and settings\All Users\Application Data\nfo\mon1215.dbd
c:\documents and settings\All Users\Application Data\nfo\mon1909.ddx
c:\documents and settings\All Users\Application Data\nfo\mon1920.dbd
c:\documents and settings\All Users\Application Data\nfo\mon2007.dbd
c:\documents and settings\All Users\Application Data\nsv
c:\documents and settings\All Users\Application Data\nsv\cache\264.dfn
c:\documents and settings\All Users\Application Data\nsv\cache\400.dfn
c:\documents and settings\All Users\Application Data\nsv\cache\404.dfn
c:\documents and settings\All Users\Application Data\nsv\keys.dat
c:\documents and settings\All Users\Application Data\nsv\wmv0104.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv0106.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0204.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0315.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0412.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0504.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0904.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1125.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1204.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1215.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv1909.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1920.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv2007.dbd
c:\documents and settings\All Users\Application Data\picsvr
c:\documents and settings\All Users\Application Data\picsvr\picsvr.inf
C:\lswmv.ini
c:\program files\Common Files\uninstall information
c:\program files\Common Files\uninstall information\RemoveDisplayUtility.exe
c:\program files\CxtPls
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\recycler\S-1-5-21-2480692769-1671350622-3332758675-1003
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\nfomon
c:\windows\system32\nfomon\License.txt
c:\windows\system32\ps2.bat
c:\windows\system32\stlbdist.XML
c:\windows\viassary-hp.reg
D:\Autorun.inf

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 19:41 . 2010-01-14 19:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2010-01-14 16:40 . 2010-01-14 16:40 14848 ----a-w- c:\windows\system32\syerbge.dll
2010-01-14 16:13 . 2010-01-14 16:13 38912 ----a-w- c:\windows\system32\izakln.exe
2010-01-14 15:38 . 2010-01-14 15:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-14 15:38 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 15:38 . 2010-01-14 15:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 15:38 . 2010-01-14 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 15:38 . 2010-01-07 22:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:26 . 2010-01-14 08:26 -------- d-----w- c:\program files\TrendMicro
2010-01-14 06:27 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-14 06:27 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-14 06:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-14 06:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-01-14 06:27 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-14 06:27 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-14 06:24 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-14 06:24 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-14 06:24 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-14 06:24 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-14 06:23 . 2010-01-14 16:37 -------- d-----w- c:\program files\Spyware Doctor
2010-01-14 06:23 . 2010-01-14 06:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-14 06:23 . 2010-01-14 06:23 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-14 06:23 . 2010-01-14 06:23 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-01-14 06:22 . 2010-01-14 20:58 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-13 14:10 . 2010-01-13 14:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-13 13:56 . 2010-01-13 13:56 -------- d-----w- c:\program files\Compaq Connections
2010-01-13 13:56 . 2010-01-13 13:56 -------- d-----w- c:\program files\BackWeb
2010-01-12 22:28 . 2010-01-13 13:28 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-27 18:13 . 2009-12-27 18:13 -------- dc----w- C:\temp
2009-12-27 18:13 . 2010-01-13 13:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Save
2009-12-27 17:54 . 2010-01-13 13:53 -------- dc----w- c:\documents and settings\Marie(2)\Local Settings(2)
2009-12-27 17:54 . 2010-01-13 13:53 -------- dc----w- c:\documents and settings\Marie(2)
2009-12-27 17:45 . 2009-12-27 17:45 -------- dc----w- c:\documents and settings\Administrator.YOUR-LK4RLMSU41\Local Settings\Application Data\Mozilla
2009-12-20 00:29 . 2010-01-13 13:55 -------- dc----w- C:\CamQuest6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 21:00 . 2009-12-02 23:38 2568 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-14 20:59 . 2005-04-24 15:24 3823 ----a-w- c:\windows\mnrzv.dll
2010-01-14 20:59 . 2003-07-26 08:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-14 08:26 . 2010-01-14 08:26 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-13 14:09 . 2009-11-24 16:50 -------- d-----w- c:\program files\HP
2010-01-13 14:09 . 2009-11-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-13 14:09 . 2003-07-24 10:01 -------- d-----w- c:\program files\Easy Internet signup
2010-01-13 14:09 . 2003-07-26 08:54 -------- d-----w- c:\program files\Norton AntiVirus
2010-01-13 14:08 . 2009-12-02 03:07 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2010-01-13 14:06 . 2003-07-24 09:53 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-13 14:06 . 2003-07-24 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 14:04 . 2003-07-24 09:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-13 13:55 . 2004-03-23 04:05 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-12-29 18:08 . 2003-12-04 00:55 -------- d-----w- c:\program files\Java
2009-12-17 00:50 . 2009-12-02 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-12-09 05:45 . 2004-11-29 17:33 335 ----a-w- c:\windows\nsreg.dat
2009-12-08 16:57 . 2009-12-08 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-12-08 16:57 . 2009-12-08 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-12-08 16:56 . 2009-12-08 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-12-08 16:56 . 2009-12-08 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-12-08 16:56 . 2009-12-08 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-05 14:49 . 2004-01-11 04:09 24648 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 23:35 . 2009-11-19 16:52 4136 --sha-r- c:\windows\system32\drivers\HP_DM173A-ABA S5200NX NA310_YC_Pres_QMXK343_E34NAheRED2_4_IP4G533LA_SASUSTeK Computer INC._VREV 1.xx_B3.16_T030805_WXH1_L409_M504_J120_7Intel_8Celeron_92.69_1_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2009-12-02 03:14 . 2009-12-02 03:14 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-01 06:24 . 2003-07-24 09:39 -------- d-----w- c:\program files\WildTangent
2009-11-24 16:54 . 2009-11-24 16:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-19 16:55 . 2002-01-01 06:26 -------- d-----w- c:\program files\NETGEAR
2009-11-19 16:53 . 2009-11-19 16:53 7680 ----a-w- c:\windows\system32\drouq.dll
2009-11-19 16:53 . 2009-11-19 16:53 38912 ----a-w- c:\windows\system32\wugky.dat
2009-11-19 16:53 . 2009-11-19 16:53 3584 ----a-w- c:\windows\system32\daxmqox.exe
2009-11-19 16:49 . 2003-12-04 00:55 -------- d-----w- c:\program files\Java Web Start
2009-11-19 04:30 . 2009-11-19 04:30 -------- d-----w- c:\program files\Belkin
2003-12-23 13:34 . 2004-01-15 20:26 3147 ----a-w- c:\program files\Common Files\remove_tools.html
2005-04-01 00:17 . 2005-04-01 00:17 209192 --sh--r- c:\windows\varyag0.sys
2003-07-26 08:55 . 2003-07-26 08:55 32 --sha-w- c:\windows\{9FF07B37-2B19-449D-8372-A748A7436B60}.dat
2003-07-26 08:55 . 2003-07-26 08:55 32 --sha-w- c:\windows\system32\{B09DD2CF-9A78-4455-8875-03ECDA1AB7F9}.dat
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-27 09:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-21 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 54976]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 59072]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-06-18 118784]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2003-7-24 28672]
Mavis Beacon Teaches Typing 11.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe [2005-4-13 2326528]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-7-26 552960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-7-24 16384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
raui.exe [2010-1-14 38912]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-11-19 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/14/2010 12:27 AM 112592]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11/19/2009 10:55 AM 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [11/19/2009 10:55 AM 167808]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [11/19/2009 10:55 AM 13532]
S2 mrtRate;mrtRate; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/14/2010 12:23 AM 359624]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\5ffe8a46-e7df-4d99-b6ad-5eb80777236e]
2009-11-19 16:53 3584 ----a-w- c:\windows\system32\daxmqox.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-05-23 23:13]

2010-01-09 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2002-11-15 09:31]

2009-12-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-26 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.v8s10.org/forum/search.php?search_id=egosearch&sid=05c73f7f734f052c003380dfa5247f94
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus9.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\155ljwc4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.v8s10.org/forum/search.php?search_id=egosearch
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 14:59
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\System32\ODBC32.dll
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\SpSubLSP.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2972)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\docume~1\Owner\LOCALS~1\Temp\bwgo000149a6.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\raui.exe
c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2010-01-14 15:05:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 21:05

Pre-Run: 32,991,793,152 bytes free
Post-Run: 39,784,394,752 bytes free

- - End Of File - - BE8BB1CCA38E0F9EC937609E2C1D6088

Re: my google is in Dutch

Well, I was messing around with it earlier and deleted other hosts, and Dutch is gone. Thank you for wanting to help a brother out.

Re: my google is in Dutch

But I would like to get the box I am on cleaned out of any rogueware I might have still rolling around.

Re: my google is in Dutch

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    killall::

    Files::
    c:\windows\system32\syerbge.dll
    c:\windows\system32\izakln.exe
    c:\windows\system32\drouq.dll
    c:\windows\system32\wugky.dat
    c:\windows\system32\daxmqox.exe
    c:\windows\system32\ps2.exe
    c:\windows\system32\drivers\SjyPkt.sys
    c:\documents and settings\Owner\LOCAL settings\Temp\bwgo000149a6.exe

    Folder::
    c:\program files\BackWeb

    FCopy::
    c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll | c:\windows\System32\xmlprov.dll
    c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe | c:\windows\System32\wscntfy.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PS2"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\5ffe8a46-e7df-4d99-b6ad-5eb80777236e]

    NetSvc::
    SjyPkt
    mrtRate

    reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
