#1
Bronze Member
Join Date: Jul 2007
Location: New Zealand
Age: 18
Posts: 93
Hi, I think I may have quite a few viruses because I received a file from my friend over the internet. Now... I get random IMs saying "DUDE WTF". Then they instantly sign off... So I basically think that it's just spreading itself around all my contacts. Please help... And as promised, a HijackThis log is included.
Code:
Logfile of HijackThis v1.99.1
Scan saved at 4:31:27 a.m., on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\nqdpb.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\xpitpqig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [6c0b492f] rundll32.exe "C:\WINDOWS\system32\clccdwln.dll",b
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xpitpqig.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Any Help Will Be Appreciated ... Thanks
__________________
[url="http://img67.imageshack.us/my.php?image=omgevalsmilesz5.jpg"]They Are Gonna Eat Us All!![/URL] WATCH OUT! Intel Pentium 4 3.06Ghz
Last edited by Millsie; 12-25-2007 at 04:46 PM.

#2
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,947
Hello!
As I checked your HijackThis log I found a couple of spyware entries, nothing serious, and none of them explains what you have described in your post. What you described looks to me as if your friends have adware, from MySpace or some other place that includes pictures, or from some hacking site which includes programs. That type of adware is automatically sent from the Temp folder on the computer to all MSN contacts, and that causes a freeze. If you want, after we finish with you, you can post your friend's HijackThis log, or just tell him about the AdAware program on the net. Now, let's go to work! I have found 2 unknown processes on your computer, but unless it causes some trouble it can stay, for now. Please run HijackThis and choose Do a system scan only. Put a check on these lines:
Please reboot your computer now. Now, please run this scan http://info.prevx.com/downloadcsi.asp It will check for spyware on your computer, and please post the results here. Also, scan with HijackThis and post a fresh HijackThis log.
__________________
Last edited by GameMaster; 12-25-2007 at 07:12 PM.
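GameMaster mentions finding two unknown processes in the log above. As an added example (not code from this thread, from HijackThis, or from any of the tools named here), the Python script below parses O4 (autostart) and O23 (service) lines in the HijackThis 1.99.1 format and flags the traits that make those two entries stand out: a service with no vendor recorded, a Run or RunServices entry pointing at a random-looking binary in system32, and a hex-string entry name. The sample lines are copied from the log posted above; the function names (`triage_hijackthis`, `looks_random`, `binary_stem`) and the vowel-ratio heuristic and its 0.25 threshold are my own assumptions for illustration. A hit means "go and verify this file", not "this is malware".

```python
import re

# Constructed sample in HijackThis 1.99.1 log format. The individual lines are
# copied from the log posted in this thread; they are not a complete log.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [6c0b492f] rundll32.exe "C:\WINDOWS\system32\clccdwln.dll",b
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xpitpqig.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 autostart entries: "O4 - HKLM\..\Run: [name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services: "O23 - Service: display name - owner - path". An empty owner is
# printed as "- -", so the space before the second dash is optional.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")
# Any drive-letter path inside a command line (stops at a quote or a comma)
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+')

VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Assumed triage heuristic: 5-8 lowercase letters with at most one vowel
    per four letters (nqdpb, clccdwln, xpitpqig). Some legitimate short names
    will trip it, so a hit is a prompt to verify the file, not a verdict."""
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.25


def binary_stem(path: str) -> str:
    """Lowercase file name without extension or trailing arguments
    (the ' 0 -u' after dumprep is dropped)."""
    parts = path.rsplit("\\", 1)[-1].split()
    leaf = parts[0] if parts else ""
    return leaf.split(".")[0].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage_hijackthis(log_text: str):
    """Return (section, entry name, reasons) for every suspicious O4/O23 line,
    in log order. Lines that raise no flag are not reported."""
    findings = []
    for line in log_text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            reasons = []
            if m["key"].lower() == "runservices":
                reasons.append("RunServices key (Win9x-era autostart, rarely used by legitimate software)")
            if re.fullmatch(r"[0-9a-f]{8}", m["name"]):
                reasons.append("hex-string entry name")
            for path in PATH_RE.findall(m["cmd"]):
                if in_system32(path) and looks_random(binary_stem(path)):
                    reasons.append(f"random-looking binary in system32: {path}")
            if reasons:
                findings.append(("O4", m["name"], reasons))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            owner = m["owner"].strip()
            if not owner or owner.lower() == "unknown owner":
                reasons.append("no vendor recorded for the service binary")
            if in_system32(m["path"]) and looks_random(binary_stem(m["path"])):
                reasons.append(f"random-looking binary in system32: {m['path']}")
            if reasons:
                findings.append(("O23", m["display"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage_hijackthis(SAMPLE_HJT_LINES):
        print(f"{section} [{name}]")
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it reports the two nqdpb entries, the 6c0b492f rundll32 entry, DomainService and the fake "Print Spooler Service", and stays quiet about jusched, dumprep and the NVIDIA service. The real spooler on XP is spoolsv.exe (it appears in the process list above), which is why a service called "Print Spooler Service" backed by a random-named system32 binary is worth a second look.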
#3
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 5,002
I suggest a ComboFix to see if it will get rid of those lines, GameMaster.
__________________
Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be
guess that's hard for others to see

#4
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,947
Ok then lol...
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly. Please download ComboFix from Bleeping Computer. Save it to your desktop. If you can't download it, please try these 2 alternative sites: Forospyware, Geeks to Go. Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply. Do not mouse click on ComboFix while it is running. That may cause it to stall.
__________________
#5
Bronze Member
Join Date: Jul 2007
Location: New Zealand
Age: 18
Posts: 93
This Is ComboFix's Log...
Code:
ComboFix 07-12-21.4 - Jeremy 2007-12-26 15:07:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1531 [GMT 13:00]
Running from: C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\#SharedObjects\XM95LZFM\iforex.com
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\#SharedObjects\XM95LZFM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ankqusuw.dll
C:\WINDOWS\system32\bhwacdfy.dll
C:\WINDOWS\system32\bsntrtwo.exe
C:\WINDOWS\system32\clccdwln.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\efcyvww.dll
C:\WINDOWS\system32\eitjqtie.dll
C:\WINDOWS\system32\ejhyqkob.exe
C:\WINDOWS\system32\fyhqkplj.dll
C:\WINDOWS\system32\gpitimfi.exe
C:\WINDOWS\system32\hlwnxwrj.dll
C:\WINDOWS\system32\igqhpoqh.dll
C:\WINDOWS\system32\javjcorv.exe
C:\WINDOWS\system32\jrwxnwlh.ini
C:\WINDOWS\system32\juwugyhr.dll
C:\WINDOWS\system32\kxmfgrlc.dll
C:\WINDOWS\system32\lvyekdee.dll
C:\WINDOWS\system32\metclxqv.dll
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\nlwdcclc.ini
C:\WINDOWS\system32\rgksjngb.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\tsnoieae.exe
C:\WINDOWS\system32\vdnmhhpf.dll
C:\WINDOWS\system32\viqcgmif.dll
C:\WINDOWS\system32\vlrbkvlv.dll
C:\WINDOWS\system32\yvmprnri.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-25 22:00 . 2007-12-25 22:00 24,304 --a------ C:\WINDOWS\system32\ddcywxx.dll
2007-12-25 02:34 . 2007-12-25 21:47 994,066 --ahs---- C:\WINDOWS\system32\awmscnfp.ini
2007-12-25 00:16 . 2007-12-25 00:16 24,304 --a------ C:\WINDOWS\system32\iifefgg.dll
2007-12-24 06:53 . 2007-12-23 17:50 122,880 --a------ C:\WINDOWS\system32\nqdpb.exe
2007-12-24 02:26 . 2007-12-25 02:26 993,946 --ahs---- C:\WINDOWS\system32\yaogmejn.ini
2007-12-23 00:09 . 2007-12-24 00:10 992,014 --ahs---- C:\WINDOWS\system32\gtjdutom.ini
2007-12-21 23:12 . 2007-12-21 23:12 24,304 --a------ C:\WINDOWS\system32\hggggec.dll
2007-12-21 19:47 . 2007-12-23 00:07 991,894 --ahs---- C:\WINDOWS\system32\cbqktrux.ini
2007-12-20 18:38 . 2007-12-21 19:42 987,934 --ahs---- C:\WINDOWS\system32\abgsujam.ini
2007-12-19 15:40 . 2007-12-20 18:37 992,665 --ahs---- C:\WINDOWS\system32\cjbhtpoc.ini
2007-12-19 15:27 . 2007-12-19 15:27 1,202,921 --ahs---- C:\WINDOWS\system32\ufgpmvve.ini
2007-12-18 14:08 . 2007-12-18 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-18 13:55 . 2007-12-19 15:27 1,288,229 --ahs---- C:\WINDOWS\system32\aaaygfco.ini
2007-12-17 14:25 . 2007-12-18 13:53 1,205,338 --ahs---- C:\WINDOWS\system32\elotxsac.ini
2007-12-15 21:29 . 2007-12-17 14:25 1,205,158 --ahs---- C:\WINDOWS\system32\fgqqshpl.ini
2007-12-14 03:13 . 2007-12-14 03:14 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-12-14 00:33 . 2007-12-15 17:21 1,204,978 --ahs---- C:\WINDOWS\system32\ffwedwrm.ini
2007-12-13 00:02 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-12-13 00:02 . 2007-06-03 14:31 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2007-12-12 23:37 . 2007-12-14 00:25 1,281,645 --ahs---- C:\WINDOWS\system32\umgvmwan.ini
2007-12-12 23:33 . 2007-12-26 00:28 730 --a------ C:\WINDOWS\system32\tversity.cookies
2007-12-12 13:39 . 2007-12-13 00:02 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2007-12-12 13:16 . 2007-12-12 13:16 <DIR> d-------- C:\Program Files\TVersity
2007-12-11 18:55 . 2007-12-11 18:55 1,105 --a------ C:\WINDOWS\checkip.dat
2007-12-11 12:24 . 2007-12-11 12:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-11 12:23 . 2007-12-11 12:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-11 12:12 . 2007-12-11 12:12 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Grisoft
2007-12-11 12:12 . 2007-12-11 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 12:12 . 2007-05-31 01:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 21:38 . 2007-12-07 00:14 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-04 21:38 . 2007-12-07 00:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 21:37 . 2007-12-04 21:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-04 05:46 . 2007-12-04 14:59 <DIR> d-------- C:\Program Files\18 WoS Pedal to the Metal
2007-12-03 20:43 . 2007-12-03 20:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-02 10:20 . 2007-12-02 10:21 14,120 --a------ C:\WINDOWS\system32\awvvt.dll
2007-11-26 01:16 . 2007-11-26 01:16 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-11-26 01:16 . 2007-10-27 23:26 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-26 01:16 . 2007-10-27 23:26 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2007-11-26 01:16 . 2007-10-27 23:26 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2007-11-26 00:49 . 2007-11-26 01:16 <DIR> d-------- C:\KLDM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 13:26 --------- d-----w C:\Program Files\FlashGet
2007-12-23 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 11:26 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Microsoft Games
2007-12-11 10:26 --------- d-----w C:\Program Files\Microsoft Games
2007-12-11 06:31 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Bioshock
2007-12-05 04:09 --------- d-----w C:\Program Files\SensorsViewPro21
2007-12-04 23:55 --------- d-----w C:\Program Files\Activision
2007-12-04 08:06 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 07:30 6,960 ----a-w C:\WINDOWS\system32\pmkji.dll
2007-12-03 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-03 07:40 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-26 07:21 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-26 06:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-25 10:39 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-24 12:53 --------- d-----w C:\Program Files\SpeedFan
2007-11-21 01:50 --------- d-----w C:\Program Files\AusLogics BoostSpeed
2007-11-20 14:15 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-11-18 11:52 --------- d-----w C:\Program Files\Java
2007-11-18 10:58 --------- d-----w C:\Program Files\Ubisoft
2007-11-18 03:18 --------- d-----w C:\Program Files\Eidos
2007-11-17 23:46 297,568 ----a-w C:\WINDOWS\system32\sstqq.dll
2007-11-16 19:28 297,568 ----a-w C:\WINDOWS\system32\gebyx.dll
2007-11-15 23:02 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\LimeWire
2007-11-15 09:22 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2007-11-13 09:55 --------- d-----w C:\Program Files\Electronic Arts
2007-11-12 07:41 --------- d-----w C:\Program Files\Bethesda Softworks
2007-11-08 06:33 --------- d-----w C:\Program Files\Portal
2007-11-08 06:17 --------- d-----w C:\Program Files\Codemasters
2007-10-12 10:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 10:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-10-04 04:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 04:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 04:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 04:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 04:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 04:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 04:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 04:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 04:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 04:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 04:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 04:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 04:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 04:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 04:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 04:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 04:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 04:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 04:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 04:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 04:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 04:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 04:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 04:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 04:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 04:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 04:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 04:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 04:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-01 03:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-09-26 10:03 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-09-22 01:05 6,496 --sha-w C:\WINDOWS\system32\dfhkj.bak1
2007-09-22 13:05 844,590 --sha-w C:\WINDOWS\system32\dfhkj.bak2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-18 00:53]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 10:42 C:\WINDOWS\SOUNDMAN.EXE]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-31 07:05]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 18:22]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 17:54]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" []
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 21:10]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 02:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 22:25]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" [2007-12-23 17:50]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" [2007-12-23 17:50]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-10-01 20:26 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 10:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 10:17]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 10:15]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2006-02-10 00:54]
R3 RivaTuner32;RivaTuner32;C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-31 07:05]
S2 dyucerewvey0yy;Print Spooler Service;C:\WINDOWS\system32\nqdpb.exe /service []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe /autorun
\Shell\directx\command - D:\DirectX\dxsetup.exe
\Shell\setup\command - D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 15:26:04 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Documents and Settings\Jeremy\Desktop\Desktop\XoftSpy\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 15:23:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 15:24:57
Logfile of HijackThis v1.99.1
Scan saved at 3:40:55 p.m., on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\nqdpb.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
BTW, all pop-ups have stopped coming up now. So can someone tell me... Am I officially clean?
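The ComboFix log above is the evidence the next replies work from: the "Files Created" section shows hidden+system .ini files of roughly 1 MB appearing in system32 almost daily, plus DLLs and an EXE with random eight-letter names, and the CFScript run in post #7 deletes exactly those files. As an added example (not code from this thread or from ComboFix), the Python script below parses lines in that section's format and scores each file on those traits, plus one forensic hint: a modification time earlier than the creation time, which is what a file copied into place looks like, and which legitimate installers produce too (the pthreadGC2 and msvcr80 lines show it). The sample lines are copied from the posted log; the function names, the 500,000-byte .ini threshold, the vowel-ratio heuristic and the high/low scoring are my own assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of ComboFix's "Files Created" section. The
# lines are copied from the log posted in this thread, not a complete section.
SAMPLE_COMBOFIX_LINES = r"""
2007-12-25 22:00 . 2007-12-25 22:00 24,304 --a------ C:\WINDOWS\system32\ddcywxx.dll
2007-12-25 02:34 . 2007-12-25 21:47 994,066 --ahs---- C:\WINDOWS\system32\awmscnfp.ini
2007-12-24 06:53 . 2007-12-23 17:50 122,880 --a------ C:\WINDOWS\system32\nqdpb.exe
2007-12-18 14:08 . 2007-12-18 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-13 00:02 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-26 01:16 . 2007-10-27 23:26 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
"""

# "<created> . <modified> <size or <DIR>> <9 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$"
)
VOWELS = set("aeiou")
LARGE_INI = 500_000  # bytes; assumed threshold, the posted .ini files are ~1 MB


def parse_entry(line: str):
    """Parse one 'Files Created' line into a dict, or None if it does not match."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": None if m["size"] == "<DIR>" else int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "path": m["path"],
    }


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 5-8 lowercase letters with few vowels (ddcywxx, nqdpb).
    Legitimate short names can trip it, so treat a hit as a prompt to verify."""
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.25


def triage_created_files(text: str):
    """Return (severity, file name, reasons) for each flagged file, in log order.
    Directories and unparsable lines are skipped."""
    findings = []
    for line in text.strip().splitlines():
        e = parse_entry(line)
        if e is None or e["size"] is None:
            continue
        leaf = e["path"].rsplit("\\", 1)[-1]
        stem, dot, ext = leaf.rpartition(".")
        if not dot:
            stem, ext = leaf, ""
        reasons = []
        if "h" in e["attrs"] and "s" in e["attrs"]:
            reasons.append("hidden+system attributes set")
        if "\\system32\\" in e["path"].lower() and looks_random(stem.lower()):
            reasons.append("random-looking name in system32")
        if ext.lower() == "ini" and e["size"] >= LARGE_INI:
            reasons.append(f"unusually large .ini ({e['size']:,} bytes)")
        if e["modified"] < e["created"]:
            reasons.append("modified before created (file copied into place)")
        if reasons:
            severity = "high" if len(reasons) >= 2 else "low"
            findings.append((severity, leaf, reasons))
    return findings


if __name__ == "__main__":
    for severity, name, reasons in triage_created_files(SAMPLE_COMBOFIX_LINES):
        print(f"[{severity}] {name}: " + "; ".join(reasons))
```

On the sample, awmscnfp.ini and nqdpb.exe come out "high" (several traits at once), while ddcywxx.dll, pthreadGC2.dll and msvcr80.dll come out "low" on a single trait each. That spread is the point: one indicator on its own is common in clean installs, and it is the stacking of hidden+system, random name, odd size and copied-in timestamps on the same file that separates the entries ComboFix later deletes from ordinary codec and runtime files.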
#6
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,299
I'm afraid not, still more to do.
Please download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to C:\SDFix You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site. Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
Once done, please do the following:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running. Please post
__________________
CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. |
#7
Bronze Member
Join Date: Jul 2007
Location: New Zealand
Age: 18
Posts: 93
ComboFix Log...
Code:
ComboFix 07-12-21.4 - Jeremy 2007-12-28 1:48:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536 [GMT 13:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeremy\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\aaaygfco.ini
C:\WINDOWS\system32\abgsujam.ini
C:\WINDOWS\system32\awmscnfp.ini
C:\WINDOWS\system32\cbqktrux.ini
C:\WINDOWS\system32\cjbhtpoc.ini
C:\WINDOWS\system32\ddcywxx.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak2
C:\WINDOWS\system32\elotxsac.ini
C:\WINDOWS\system32\ffwedwrm.ini
C:\WINDOWS\system32\fgqqshpl.ini
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gtjdutom.ini
C:\WINDOWS\system32\hggggec.dll
C:\WINDOWS\system32\iifefgg.dll
C:\WINDOWS\system32\nqdpb.exe
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ufgpmvve.ini
C:\WINDOWS\system32\umgvmwan.ini
C:\WINDOWS\system32\yaogmejn.ini
.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.
2007-12-28 01:39 . 2007-12-28 01:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-28 01:31 . 2007-12-28 01:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-28 00:25 . 2007-12-28 01:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-26 15:05 . 2007-12-26 15:05 1,478,778 --a------ C:\ComboFix.exe
2007-12-18 14:08 . 2007-12-18 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-14 03:13 . 2007-12-14 03:14 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-12-13 00:02 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-12-13 00:02 . 2007-06-03 14:31 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2007-12-12 23:33 . 2007-12-28 00:17 730 --a------ C:\WINDOWS\system32\tversity.cookies
2007-12-12 13:39 . 2007-12-13 00:02 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2007-12-12 13:16 . 2007-12-12 13:16 <DIR> d-------- C:\Program Files\TVersity
2007-12-11 18:55 . 2007-12-11 18:55 1,105 --a------ C:\WINDOWS\checkip.dat
2007-12-11 12:24 . 2007-12-11 12:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-11 12:23 . 2007-12-11 12:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-11 12:12 . 2007-12-11 12:12 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Grisoft
2007-12-11 12:12 . 2007-12-11 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 12:12 . 2007-05-31 01:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 21:38 . 2007-12-07 00:14 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-04 21:38 . 2007-12-07 00:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 21:37 . 2007-12-04 21:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-04 05:46 . 2007-12-04 14:59 <DIR> d-------- C:\Program Files\18 WoS Pedal to the Metal
2007-12-03 20:43 . 2007-12-03 20:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-02 10:20 . 2007-12-02 10:21 14,120 --a------ C:\WINDOWS\system32\awvvt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:48 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-27 10:30 --------- d-----w C:\Program Files\FlashGet
2007-12-23 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 11:26 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Microsoft Games
2007-12-11 10:26 --------- d-----w C:\Program Files\Microsoft Games
2007-12-11 06:31 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Bioshock
2007-12-05 04:09 --------- d-----w C:\Program Files\SensorsViewPro21
2007-12-04 23:55 --------- d-----w C:\Program Files\Activision
2007-12-03 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-03 07:40 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-26 07:21 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-26 06:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-25 10:39 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-24 12:53 --------- d-----w C:\Program Files\SpeedFan
2007-11-21 01:50 --------- d-----w C:\Program Files\AusLogics BoostSpeed
2007-11-20 14:15 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-11-18 11:52 --------- d-----w C:\Program Files\Java
2007-11-18 10:58 --------- d-----w C:\Program Files\Ubisoft
2007-11-18 03:18 --------- d-----w C:\Program Files\Eidos
2007-11-15 23:02 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\LimeWire
2007-11-15 09:22 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2007-11-13 09:55 --------- d-----w C:\Program Files\Electronic Arts
2007-11-12 07:41 --------- d-----w C:\Program Files\Bethesda Softworks
2007-11-08 06:33 --------- d-----w C:\Program Files\Portal
2007-11-08 06:17 --------- d-----w C:\Program Files\Codemasters
2007-10-27 10:26 626,688 ----a-w C:\WINDOWS\system32\msvcr80.dll
2007-10-27 10:26 548,864 ----a-w C:\WINDOWS\system32\msvcp80.dll
2007-10-27 10:26 479,232 ----a-w C:\WINDOWS\system32\msvcm80.dll
2007-10-12 10:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 10:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-10-04 04:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 04:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 04:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 04:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 04:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 04:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 04:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 04:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 04:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 04:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 04:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 04:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 04:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 04:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 04:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 04:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 04:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 04:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 04:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 04:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 04:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 04:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 04:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 04:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 04:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 04:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 04:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 04:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 04:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-01 03:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-26_15.24.20.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-23 11:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-27 12:31:21 4,128,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-27 12:31:21 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-23 11:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-27 12:31:12 4,128,768 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-27 12:31:12 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-27 12:37:24 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-18 00:53]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 10:42 C:\WINDOWS\SOUNDMAN.EXE]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-31 07:05]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 18:22]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 17:54]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" []
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 21:10]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 02:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 22:25]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-10-01 20:26 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 10:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 10:17]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 10:15]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2006-02-10 00:54]
R3 RivaTuner32;RivaTuner32;C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-31 07:05]
.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 15:26:04 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Documents and Settings\Jeremy\Desktop\Desktop\XoftSpy\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:50:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-28 1:51:30
C:\ComboFix2.txt ... 2007-12-28 01:02
C:\ComboFix3.txt ... 2007-12-28 00:57
.
2007-12-27 11:25:45 --- E O F ---
Code:
SDFix: Version 1.119
Run by Jeremy on Fri 28/12/2007 at 01:31 a.m.
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
dyucerewvey0yy
Path:
C:\WINDOWS\system32\nqdpb.exe /service
dyucerewvey0yy - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:37:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:23b23991
"s2"=dword:7d12d193
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:69,55,09,af,a0,d8,45,d6,30,16,2f,4c,fb,f9,1d,28,bd,84,11,42,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:83,d0,bd,f1,6f,aa,bc,cd,22,72,18,7b,04,53,ed,a9,23,0e,be,1f,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,5e,56,88,79,e5,1e,9e,30,c6,a9,e3,7c,9d,e8,bd,1e,..
"khjeh"=hex:a3,40,12,4c,e3,5b,b2,3e,95,81,92,a7,69,a1,28,0f,e1,a6,d1,38,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,1e,da,98,1f,6f,b0,76,42,50,da,96,2c,c5,67,1c,3a,08,ad,b0,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:69,55,09,af,a0,d8,45,d6,30,16,2f,4c,fb,f9,1d,28,bd,84,11,42,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:83,d0,bd,f1,6f,aa,bc,cd,22,72,18,7b,04,53,ed,a9,23,0e,be,1f,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,5e,56,88,79,e5,1e,9e,30,c6,a9,e3,7c,9d,e8,bd,1e,..
"khjeh"=hex:a3,40,12,4c,e3,5b,b2,3e,95,81,92,a7,69,a1,28,0f,e1,a6,d1,38,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,1e,da,98,1f,6f,b0,76,42,50,da,96,2c,c5,67,1c,3a,08,ad,b0,43,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Sun 4 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 24 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 14 Dec 2004 339,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT157.tmp"
Fri 23 Jun 2006 153,429 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1B3.tmp"
Tue 14 Dec 2004 334,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT154.tmp"
Mon 5 Feb 2007 905,077 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT1B0.tmp"
Wed 3 Oct 2007 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT150.tmp"
Sat 30 Jun 2007 155,061 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\BIT176.tmp"
Sat 6 Aug 2005 491,760 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT158.tmp"
Fri 7 Oct 2005 490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT1B8.tmp"
Thu 30 Mar 2006 150,932 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT1B1.tmp"
Sat 30 Jun 2007 155,642 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\BIT1B2.tmp"
Sat 4 Nov 2006 151,852 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\BIT17B.tmp"
Thu 9 Feb 2006 151,035 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT1BA.tmp"
Sat 12 May 2007 1,266,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\582374c56f566bb2a83a59d0c2cd7d87\BIT178.tmp"
Mon 5 Feb 2007 98,851 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT1C2.tmp"
Sat 23 Sep 2006 153,252 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT1BF.tmp"
Tue 7 Aug 2007 154,933 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\BIT15B.tmp"
Tue 27 Nov 2007 157,347 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\BIT1BD.tmp"
Thu 25 Oct 2007 2,585,864 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2c8f709dd0237a7e496be18e0ba404e\BIT3CCF.tmp"
Sat 3 Nov 2007 3,109,928 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT1C0.tmp"
Wed 3 Oct 2007 875,912 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac396c0c2d53942a12157d0ad3c4135a\BIT1B6.tmp"
Tue 14 Dec 2004 333,544 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT156.tmp"
Sat 31 Mar 2007 101,875 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT17A.tmp"
Sat 6 Aug 2005 490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT1C3.tmp"
Sat 2 Sep 2006 151,551 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\BIT1B5.tmp"
Wed 27 Sep 2006 151,324 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\BIT1BE.tmp"
Tue 18 Apr 2006 149,979 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\BIT17C.tmp"
Sat 31 Mar 2007 157,600 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT1BB.tmp"
Mon 5 Feb 2007 98,994 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\BIT1BC.tmp"
Sat 6 Aug 2005 490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT1B7.tmp"
Sat 4 Nov 2006 152,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\BIT1B4.tmp"
Mon 5 Feb 2007 151,147 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT1C1.tmp"
Sat 23 Sep 2006 152,541 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT179.tmp"
Sat 30 Jun 2007 102,501 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1717a50ad70787e0b2e37537d202992\BIT177.tmp"
Wed 21 Nov 2007 102,476 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa49f6893c7a59670b5a3784bf50f6b9\BIT1B9.tmp"
Tue 18 Dec 2007 6,741 ...HR --- "C:\Documents and Settings\Jeremy\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 6 Aug 2005 516,286 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00766461b1b00d8469999536d8f8d6e4\download\BIT1CA.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\BIT14.tmp"
Thu 5 Jan 2006 87,210 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\BIT1C9.tmp"
Sat 11 Jun 2005 6,362 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\download\BIT1D9.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\download\BIT1D.tmp"
Thu 30 Mar 2006 408,860 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\BIT1DA.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BIT1F.tmp"
Sat 29 Jul 2006 29,349 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\download\BIT1C8.tmp"
Tue 1 May 2007 159,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT1E3.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\download\BITA.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT1B.tmp"
Mon 5 Feb 2007 217,512 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\download\BIT151.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\BIT16.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT1C.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\download\BIT1A.tmp"
Wed 21 Nov 2007 19,724 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\304c19f1612f37ffa8967147d3cb7464\download\BIT1C5.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\download\BIT15.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\download\BITC.tmp"
Sat 2 Jun 2007 19,616 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT203.tmp"
Sat 4 Nov 2006 255,443 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\download\BIT20E.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\download\BITE.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\download\BITB.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\512e19b377bd5d52a1e190ecbd7a83eb\download\BIT13.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\download\BIT10.tmp"
Fri 30 Nov 2007 2,567,391 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT1E2.tmp"
Tue 12 Apr 2005 1,577,695 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\download\BIT1C4.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\download\BIT22.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\download\BIT18.tmp"
Sat 3 Jun 2006 204,282 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\download\BIT1C6.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\download\BIT20.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0d1667f129d439fad31a81898b17830\download\BIT17.tmp"
Thu 20 Apr 2006 1,053,663 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT1DC.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BITD.tmp"
Fri 7 Oct 2005 49,012 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\download\BIT1DB.tmp"
Fri 7 Oct 2005 764,796 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT210.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\download\BIT12.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BIT19.tmp"
Tue 7 Aug 2007 371,494 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\download\BIT20F.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\download\BIT1E.tmp"
Sat 1 Jul 2006 35,492 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\download\BIT202.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\download\BIT21.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\download\BITF.tmp"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT11.tmp"
Sat 2 Jun 2007 115,734 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BIT1CB.tmp"
Finished!
#8
Bronze Member
Join Date: Jul 2007
Location: New Zealand
Age: 18
Posts: 93
Annnd...
HijackThis Log...
Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:53:44 a.m., on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
__________________
[url="http://img67.imageshack.us/my.php?image=omgevalsmilesz5.jpg"]They Are Gonna Eat Us All!![/URL] WATCH OUT! Intel Pentium 4 3.06Ghz
#9
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 21
Posts: 5,299
Great, just a few final things.
Please run HijackThis and choose Do a system scan only. Place a check next to the following entries:
Please delete the following file: C:\WINDOWS\system32\awvvt.dll
Please reboot and post a new HijackThis log.
__________________
CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.