Cookiegal #1 Posted April 17, 2009

I didn't get the developer mode log as I thought it might not be necessary but if needed I will get it.

C:\WINDOWS\system32\WinSys2.exe

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

http://forums.techguy.org/malware-removal-...tml#post6637593

It looks like the legit Nvidia file. These are all from the ComboFix log:

2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\windows\system32\AGEIA
2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\program files\AGEIA Technologies
2009-03-28 01:07 . 2009-03-28 01:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 01:07 . 2006-08-23 17:12 81314 ----a-w c:\windows\system32\nvapps.nvb
2009-03-28 01:06 . 2009-02-12 16:00 131072 ----a-r c:\windows\system32\smdll.dll
2009-03-28 01:06 . 2009-02-12 16:00 130048 ----a-r c:\windows\system32\MadCHook.dll
2009-03-28 01:06 . 2009-02-12 16:00 614400 ----a-r c:\windows\system32\msvcr80.dll
2009-03-28 01:06 . 2009-02-12 16:00 32768 ----a-r c:\windows\system32\Auxiliary.dll
2009-03-28 01:06 . 2009-02-12 16:00 208896 ----a-r c:\windows\system32\WinSys2.exe
2009-03-28 01:06 . 2009-02-13 02:26 1789952 ----a-r c:\windows\system32\msicpl.dll
2009-03-28 01:06 . 2009-02-05 16:54 453152 ----a-w c:\windows\system32\NVUNINST.EXE

nosirrah #2 Posted April 17, 2009

Applying filter in 1997, this should resolve this.

Cookiegal #3 Posted April 18, 2009

"Applying filter in 1997, this should resolve this."

Thanks.