WinSys2.exe

[Cookiegal]

I didn't get the developer mode log as I thought it might not be necessary but if needed I will get it.

C:\WINDOWS\system32\WinSys2.exe

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

http://forums.techguy.org/malware-removal-...tml#post6637593

It looks like the legit Nvidia file. These are all from the ComboFix log:

2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\windows\system32\AGEIA

2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\program files\AGEIA Technologies

2009-03-28 01:07 . 2009-03-28 01:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-28 01:07 . 2006-08-23 17:12 81314 ----a-w c:\windows\system32\nvapps.nvb

2009-03-28 01:06 . 2009-02-12 16:00 131072 ----a-r c:\windows\system32\smdll.dll

2009-03-28 01:06 . 2009-02-12 16:00 130048 ----a-r c:\windows\system32\MadCHook.dll

2009-03-28 01:06 . 2009-02-12 16:00 614400 ----a-r c:\windows\system32\msvcr80.dll

2009-03-28 01:06 . 2009-02-12 16:00 32768 ----a-r c:\windows\system32\Auxiliary.dll

2009-03-28 01:06 . 2009-02-12 16:00 208896 ----a-r c:\windows\system32\WinSys2.exe

2009-03-28 01:06 . 2009-02-13 02:26 1789952 ----a-r c:\windows\system32\msicpl.dll

2009-03-28 01:06 . 2009-02-05 16:54 453152 ----a-w c:\windows\system32\NVUNINST.EXE

[nosirrah]

Applying filter in 1997 , this should resolve this .

[Cookiegal]

Applying filter in 1997 , this should resolve this .

Thanks.