Solved: what is sys33.exe?


Smokes

Thread Starter
Joined
May 11, 2006
Messages
237
I open Task Manager and firefox.exe is running, and I don't have it open, so I end that and sys33.exe pops up and reopens Firefox, and then sys33.exe closes down, leaving Firefox open in the background sucking up memory. Is there a fix for this?

The sys.exe file was with a sys33 install in the c:windows/prefetch, so I deleted these files. The installer was in c:/windows/system32; I deleted that file too, and also deleted the registry entries

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
sys33 = "Sys33.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
sys33 = "Sys33.exe"

and removed it with HijackThis, but it just goes right back in all the same places... So how do you get rid of this? My spyware doesn't detect it, neither will the anti-virus.
 

Smokes

Thread Starter
Joined
May 11, 2006
Messages
237
Oops, forgot about the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:17:01 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\ETrust\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ETrust\CA Anti-Virus\VetMsg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ETrust\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SYSTEM32\NETCMD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\REGMec6.0\RegMech.exe
C:\Program Files\ETrust\cctray\cctray.exe
C:\Program Files\ETrust\CA Anti-Virus\CAVRID.exe
C:\Program Files\ETrust\CA Personal Firewall\capfaem.exe
C:\Program Files\ETrust\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ETrust\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\REGMec6.0\RegMech.exe /H
O4 - HKLM\..\Run: [cctray] "C:\Program Files\ETrust\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\ETrust\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\ETrust\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\ETrust\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\ETrust\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\RunOnce: [*sys33] C:\WINDOWS\system32\sys33.exe
O4 - HKCU\..\Run: [sys33] C:\WINDOWS\system32\sys33.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157522165628
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157570551406
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavincicode/DVCDownloaderControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\ETrust\CA Anti-Virus\ISafe.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\ETrust\CA Anti-Virus\VetMsg.exe
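
A triage pass over the O4 (autorun) lines of a HijackThis log like the one above, added here as an example and not part of the original thread. It flags a RunOnce value whose name starts with `*` (Windows runs such entries even in Safe Mode) and an image registered under more than one key; the function names and flag labels are assumptions of this example, and the sample lines are copied from the log.

```python
import re
from collections import defaultdict
from ntpath import dirname

# Excerpt of the O4 lines from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\ETrust\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\ETrust\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [*sys33] C:\WINDOWS\system32\sys33.exe
O4 - HKCU\..\Run: [sys33] C:\WINDOWS\system32\sys33.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# Startup-folder and per-SID (HKUS) O4 lines are not handled and are skipped.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# First program on the command line: a quoted path, or an unquoted path
# (which may contain spaces) up to its executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I
)


def parse_o4(log_text):
    """Return one dict per registry autorun (O4) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        im = IMAGE_RE.match(command)
        image = (im.group(1) or im.group(2)) if im else command
        entries.append({
            "hive": hive, "key": key, "name": name,
            "command": command, "image": image.lower(),
        })
    return entries


def triage(entries):
    """Return (location, value name, image, flags) for entries worth a look."""
    # Which distinct hive\key locations launch each image?
    locations = defaultdict(set)
    for e in entries:
        locations[e["image"]].add(f'{e["hive"]}\\{e["key"]}')

    findings = []
    for e in entries:
        flags = []
        is_runonce = e["key"].lower() == "runonce"
        # '*' prefix: the RunOnce entry is executed even in Safe Mode.
        if is_runonce and e["name"].startswith("*"):
            flags.append("runonce-safe-mode")
        # '!' prefix: the value is deleted only after the command completes.
        if is_runonce and e["name"].startswith("!"):
            flags.append("runonce-deferred-delete")
        # Same binary started from several keys: removing one key is not enough.
        if len(locations[e["image"]]) > 1:
            flags.append("multi-key")
        # Weak heuristic: executable sitting directly in system32. Legitimate
        # entries can match too, so this only raises priority.
        if dirname(e["image"]).endswith("\\system32"):
            flags.append("system32-direct")
        if flags:
            findings.append(
                (f'{e["hive"]}\\{e["key"]}', e["name"], e["image"], flags)
            )
    return findings


if __name__ == "__main__":
    for location, name, image, flags in triage(parse_o4(SAMPLE_LOG)):
        print(f"{location} [{name}] {image}: {', '.join(flags)}")
```
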
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download Combofix to your desktop:

* Double-click Combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note: Do not mouse click Combofix's window while it's running. That may cause it to stall.
 

Smokes

Thread Starter
Joined
May 11, 2006
Messages
237
"Administrator" - 07-01-29 19:17:33 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


2007-01-29 14:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Camfrog
2007-01-29 14:43 <DIR> d-------- C:\Program Files\Camfrog
2007-01-29 13:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Uniblue
2007-01-29 13:18 <DIR> d-------- C:\Program Files\Uniblue
2007-01-29 02:56 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-29 02:51 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-29 02:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-01-29 02:51 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-28 17:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-28 15:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-01-28 11:31 <DIR> d-------- C:\counterstrikesourceFULL
2007-01-26 20:43 <DIR> d-------- C:\Program Files\Save
2007-01-26 19:45 142,336 --a------ C:\WINDOWS\system32\sys33.exe
2007-01-26 19:37 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-01-23 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-16 22:17 <DIR> d-------- C:\Program Files\Elite Bling-Bling
2007-01-16 18:15 <DIR> d--h----- C:\WINDOWS\HUL
2007-01-15 11:19 119,816 --a------ C:\WINDOWS\system32\drivers\KmxCF.sys
2007-01-14 03:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-14 03:32 <DIR> d-------- C:\Program Files\Real
2007-01-14 03:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-01-12 17:06 111,624 --a------ C:\WINDOWS\system32\drivers\KmxFw.sys
2007-01-11 18:11 <DIR> d-------- C:\Program Files\iPod
2007-01-10 17:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\awc_Hot111
2007-01-09 08:38 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-01-09 08:38 111,227 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-01-09 08:31 <DIR> d-------- C:\ijji
2007-01-08 15:41 102,408 --a------ C:\WINDOWS\system32\drivers\KmxStart.sys
2007-01-06 01:00 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-01-05 15:01 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-01-05 15:00 <DIR> d-------- C:\Program Files\PCRescue4.0
2007-01-05 10:19 80,776 --a------ C:\WINDOWS\system32\drivers\KmxCfg.sys
2007-01-03 21:20 <DIR> d-------- C:\Program Files\Winamp
2007-01-03 04:23 <DIR> d-------- C:\Program Files\Incomplete
2007-01-03 04:17 <DIR> d-------- C:\Program Files\ares
2007-01-01 03:50 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-01-01 03:30 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2007-01-01 03:30 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2007-01-01 03:30 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-01-01 03:30 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-01-01 03:30 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-01-01 03:30 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-01-01 03:30 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-01-01 03:30 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-01-01 03:30 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-01-01 03:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-01-01 03:30 <DIR> d-------- C:\Program Files\CA
2007-01-01 03:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CA
2007-01-01 03:23 <DIR> d-------- C:\Program Files\ETrust
2007-01-01 03:15 <DIR> d-------- C:\Program Files\ATF-cleaner
2006-12-31 08:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\acccore
2006-12-31 08:09 <DIR> d-------- C:\Program Files\PlayLinc
2006-12-31 07:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SonyPicturesGames
2006-12-30 18:30 1,138 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-30 18:28 <DIR> d-------- C:\Program Files\SmitfraudFix
2006-12-29 16:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\MySpace
2006-12-29 16:22 <DIR> d-------- C:\Program Files\MySpace


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-29 19:16 -------- d-------- C:\Program Files\mozilla firefox
2007-01-29 17:42 -------- d-------- C:\Program Files\frostwire
2007-01-29 15:55 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\frostwire
2007-01-29 13:56 -------- d-------- C:\Program Files\regmec6.0
2007-01-29 02:35 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\azureus
2007-01-26 19:29 -------- d-------- C:\Program Files\azureus
2007-01-26 17:08 -------- d--h----- C:\Program Files\installshield installation information
2007-01-26 17:04 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-01-26 17:04 -------- d-------- C:\Program Files\microsoft games
2007-01-23 11:54 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-14 10:58 -------- d-------- C:\Program Files\yahelite
2007-01-14 03:33 -------- d-------- C:\Program Files\Common Files\real
2007-01-12 06:09 -------- d-------- C:\Program Files\anywebcam
2007-01-11 00:02 -------- d-------- C:\Program Files\alcohol soft
2007-01-08 04:33 -------- d-------- C:\Program Files\itunes
2007-01-01 20:55 -------- d-------- C:\Program Files\wintasks
2007-01-01 03:53 -------- d-------- C:\Program Files\windows media connect 2
2007-01-01 00:19 -------- d-------- C:\Program Files\Common Files\panda software
2006-12-31 07:46 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\msn6
2006-12-30 00:22 -------- d-------- C:\Program Files\msn messenger
2006-12-26 21:51 -------- d-------- C:\Program Files\pool buddy yahoo
2006-12-26 19:49 -------- d-------- C:\Program Files\grisoft
2006-12-26 17:47 -------- d-------- C:\Program Files\Common Files\esellerate
2006-12-23 21:56 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\iolo
2006-12-23 21:49 -------- d-------- C:\Program Files\Common Files\authentium
2006-12-23 21:18 -------- d-------- C:\Program Files\raxco
2006-12-23 21:18 -------- d-------- C:\Program Files\Common Files\raxco
2006-12-23 21:17 -------- d-------- C:\Program Files\rpd
2006-12-20 12:17 227856 --a------ C:\WINDOWS\system32\pdboot.exe
2006-12-16 22:18 -------- d-------- C:\Program Files\java
2006-12-16 22:17 -------- d-------- C:\Program Files\lavasoft
2006-12-14 07:36 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\apple computer
2006-12-12 19:09 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\lavasoft
2006-12-12 17:41 107016 --a------ C:\WINDOWS\system32\drivers\KmxIds.sys
2006-12-12 00:01 -------- d-------- C:\Program Files\Common Files\java
2006-12-10 16:00 38069 --a------ C:\WINDOWS\system32\z2717.exe
2006-12-10 13:59 38069 --a------ C:\WINDOWS\system32\z2867.exe
2006-12-10 13:12 38069 --a------ C:\WINDOWS\system32\z2345.exe
2006-12-10 12:56 161280 --a------ C:\WINDOWS\system32\kerkr.dll
2006-12-10 11:45 161280 --a------ C:\WINDOWS\system32\jqqtllv.dll
2006-12-10 11:13 161280 --a------ C:\WINDOWS\system32\krutgi.dll
2006-12-09 16:08 -------- d-------- C:\Program Files\quicktime
2006-12-09 15:59 49 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb41.dat
2006-12-09 15:59 337 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb1942.dat
2006-12-04 18:22 -------- d-------- C:\Program Files\Common Files\directx
2006-12-03 20:53 -------- d-------- C:\Program Files\techsmith
2006-12-03 20:52 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-03 17:33 -------- d-------- C:\Program Files\yahoo!
2006-12-02 23:32 9216 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb8467.dat
2006-12-02 23:32 417792 --a------ C:\WINDOWS\system32\tcbloczd.dll
2006-12-02 23:32 36864 --a------ C:\WINDOWS\system32\slimqmvi.exe
2006-12-02 23:32 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-12-02 23:32 23 --a------ C:\DOCUME~1\ADMINI~1\Application Data\inifile41.ini
2006-12-02 23:32 20480 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb4827.dat
2006-12-02 23:32 0 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb6334.dat
2006-12-02 23:32 0 --a------ C:\DOCUME~1\ADMINI~1\Application Data\internaldb5436.dat
2006-12-01 04:35 921 --a------ C:\WINDOWS\qsfvexit.bat
2006-12-01 04:35 -------- d-------- C:\Program Files\magiciso
2006-12-01 03:55 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-30 22:52 -------- d-------- C:\Program Files\quicksfv
2006-11-26 12:34 85 ---hs---- C:\DOCUME~1\ADMINI~1\Application Data\.zreglib
2006-11-20 19:45 21840 --a------ C:\WINDOWS\system32\sintfnt.dll
2006-11-20 19:45 17212 --a------ C:\WINDOWS\system32\sintf32.dll
2006-11-20 19:45 12067 --a------ C:\WINDOWS\system32\sintf16.dll
2006-11-20 03:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-20 03:42 33280 --a------ C:\WINDOWS\system32\snmp(2)(2).exe
2006-11-20 00:01 233472 --a------ C:\WINDOWS\system32\yacscom.dll
2006-11-14 17:31 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 14:52 774144 --a------ C:\Program Files\rnginterstitial.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"sys33"="C:\\WINDOWS\\system32\\sys33.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RegistryMechanic"="C:\\Program Files\\REGMec6.0\\RegMech.exe /H"
"cctray"="\"C:\\Program Files\\ETrust\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\ETrust\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\ETrust\\CA Personal Firewall\\cafw.exe -cl"
"capfaem"="C:\\Program Files\\ETrust\\CA Personal Firewall\\capfaem.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"QOELOADER"="\"C:\\Program Files\\ETrust\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\" -H"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*sys33"="C:\\WINDOWS\\system32\\sys33.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gnetmous]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gnetmous"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\COMPAQ\\Scroll Mouse\\gnetmous.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nord]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfyqakn.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qfyqakn"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\qfyqakn.dll\",xysmkvf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=dword:00000002
"TermService"=dword:00000003
"TapiSrv"=dword:00000003
"Spooler"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Administrator at 3 30 AM.job

Completion time: 07-01-29 19:28:42
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
There are definitely some suspicious files there.
Let's give this a shot...

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 

Smokes

Thread Starter
Joined
May 11, 2006
Messages
237
OK, done. Right when the scan finished, 2 small boxes popped up on the top left. They went kinda fast, but I managed to catch the files it was dealing with: the first box did something with this netcmd.exe, then the other box popped up and did something with sys33.exe. They popped up, said creating something, and went away too fast. It seems like that scan removed it, but this sys33.exe just seems to find a way to put itself back. :( Anyway, here's the log (in this log it may show that the sys33.exe got removed, but like I said, I think it just put itself back) and a new HJT log.


SDFix: Version 1.63

Mon 01/29/2007 - 19:59:23.06

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\PART0100.DAT - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\spool\cmd.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe"="C:\\ijji\\ENGLISH\\Gunz\\BAReport.exe:*:Enabled:BAReport MFC ?? ????"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Administrator\My Documents\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\netconfig.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished

Logfile of HijackThis v1.99.1
Scan saved at 8:20:34 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\ETrust\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ETrust\CA Anti-Virus\VetMsg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ETrust\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SYSTEM32\NETCMD.EXE
C:\Program Files\REGMec6.0\RegMech.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ETrust\cctray\cctray.exe
C:\Program Files\ETrust\CA Anti-Virus\CAVRID.exe
C:\Program Files\ETrust\CA Personal Firewall\capfaem.exe
C:\Program Files\ETrust\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ETrust\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\REGMec6.0\RegMech.exe /H
O4 - HKLM\..\Run: [cctray] "C:\Program Files\ETrust\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\ETrust\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\ETrust\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\ETrust\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\ETrust\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\RunOnce: [*sys33] C:\WINDOWS\system32\sys33.exe
O4 - HKCU\..\Run: [sys33] C:\WINDOWS\system32\sys33.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157522165628
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157570551406
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavincicode/DVCDownloaderControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\ETrust\CA Anti-Virus\ISafe.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\ETrust\CA Anti-Virus\VetMsg.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Okay there are many suspicious files that need to be analyzed so let's take one step at a time.

First,

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\sys33.exe
    C:\WINDOWS\unvise32.exe
    C:\ijji


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Second,

Go to the forum here: http://www.thespykiller.co.uk/forum/index.php?board=1.0
Upload this (these) file(s):

Here are the directions for uploading the following files:

C:\WINDOWS\system32\z2717.exe
C:\WINDOWS\system32\z2867.exe
C:\WINDOWS\system32\z2345.exe
C:\WINDOWS\system32\kerkr.dll
C:\WINDOWS\system32\jqqtllv.dll
C:\WINDOWS\system32\krutgi.dll
C:\WINDOWS\system32\tcbloczd.dll
C:\WINDOWS\system32\slimqmvi.exe
C:\WINDOWS\qsfvexit.bat


Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. When the files are listed in the window click "Post" to upload the files.
 

Smokes

Thread Starter
Joined
May 11, 2006
Messages
237
Ok, done, and I didn't put the c:ijji in the Killbox because that's my gunz game from http://www.ijji.com. Also, after I used Killbox it rebooted and gave me a pop-up box that said can not find file c:windows/system32/sys33.exe, so I clicked ok, then a little box popped up in the top left that said "setting up personalized settings for netconfig.exe", then the box went away. Here's the link to the thread you wanted me to upload those files to, but I don't know if they uploaded properly
http://www.thespykiller.co.uk/forum/index.php?topic=3528.0
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
this one is harmless C:\WINDOWS\qsfvexit.bat and belongs to

http://www.download.com/QuickSFV/3000-2248_4-10521469.html

C:\WINDOWS\system32\tcbloczd.dll is adware comaid

C:\WINDOWS\system32\z2717.exe
C:\WINDOWS\system32\z2867.exe
C:\WINDOWS\system32\z2345.exe are all downloaders according to Kaspersky

I'm still checking the others but they look bad so delete the lot

Edit:

the others seem to be spambots but VirusTotal keeps crashing on me so I am having trouble scanning tonight
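
Added example, not part of the original thread: a small Python parser for the registry autorun (O4) lines of a HijackThis log, run over lines copied from the log posted above. It flags a program registered under more than one autorun key and a RunOnce value name starting with `*`, which Windows documents as running even in Safe Mode; the function names and both heuristics are this example's assumptions, not the helpers' method.

```python
import re
from collections import defaultdict

# O4 and O12 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\RunOnce: [*sys33] C:\WINDOWS\system32\sys33.exe
O4 - HKCU\..\Run: [sys33] C:\WINDOWS\system32\sys33.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

# Registry autoruns only (HKLM/HKCU); Startup-folder O4 lines are ignored.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def executable(command):
    """Return the lower-cased program path from an autorun command line."""
    m = re.match(r'"([^"]+)"', command) or re.match(
        r"(.+?\.(?:exe|dll|bat|com|scr))\b", command, re.I)
    return (m.group(1) if m else command).lower()

def parse_o4(log_text):
    """Turn O4 registry lines into dicts; every other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "exe": executable(command)})
    return entries

def review(entries):
    """Map executable path -> reasons it deserves a closer look."""
    findings = defaultdict(list)
    keys_per_exe = defaultdict(set)
    for e in entries:
        keys_per_exe[e["exe"]].add((e["hive"], e["key"]))
        if e["key"].lower().startswith("runonce") and e["name"].startswith("*"):
            findings[e["exe"]].append("RunOnce name starts with '*': runs in Safe Mode too")
    for exe, keys in keys_per_exe.items():
        if len(keys) > 1:
            findings[exe].append("registered under %d autorun keys" % len(keys))
    return dict(findings)

if __name__ == "__main__":
    for exe, reasons in review(parse_o4(SAMPLE_LOG)).items():
        print(exe, "->", "; ".join(reasons))
```

On the sample lines only sys33.exe is reported, for both reasons; an entry that is written back after deletion, as described in the first post, means something still running is restoring it.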
 