ComputerForum.com, Computer Security forum
#1, 02-01-2008, 03:06 AM, Gamepsyched (Silver Member, joined Dec 2007)
Trojan Downloader !!!!!! Nod32 Wtf!!

Sorry for the title, but this thing keeps popping up on my screen saying 17p***** is not a valid exe (the stars mean I don't know what else it said, because I'm on my other computer), and NOD32 keeps saying "security threat blocked" but not stopping it. It started to download this thing to "stop it", so I held the power button to shut that shit off. I think it might have happened when I downloaded the Crysis demo, but I don't know; I think it was there for a while, because it popped up once before but didn't come back, and now a week later it comes back ready to kick my computer's ass. So I don't know where it came from, and why isn't NOD32 actually stopping it instead of just saying it is, lol?


This is critical, because I don't want to lose my files. I have an external hard drive, and I searched it for the same file it was saying wouldn't open and it doesn't seem to be there, so that's good. Anyone else have this, and any advice on what to do?

P.S. The exe is in Windows and says it is (or isn't) a Win32 application, so I didn't want to go around deleting Windows files.

Thank you, long thread.
#2, 02-01-2008, 03:24 AM, Gamepsyched

OK, I'm on my laptop offline so I could figure out what the file was called, and it's called "17pholmes572". That sounds like a "virusy" name to me, lol, but that's the filename.

#3, 02-01-2008, 03:52 AM, Gamepsyched

And I'm saying that file because when everything pops up, an error pops up saying it's not a valid Win32 application, so I assume it has something to do with the virus. I scanned that file and NOD32 says it doesn't find anything. GAR
#4, 02-01-2008, 05:53 AM, ceewi1 (Moderator, Melbourne, Australia, joined Dec 2005)

It's definitely infected; please post logs from HijackThis and ComboFix:

Please download the HijackThis installer from http://www.trendsecure.com/portal/en...HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

When the Notepad window opens choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential, don't fix anything yet.

Once done, please do the following:
1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with the HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
#5, 02-01-2008, 06:05 AM, Gamepsyched

Dude, wtf, ComboFix deleted files......... what's happening????? I'm on my other comp because all it shows on my laptop is the ComboFix command screen.


I just found out something: every time I restart, a Windows Live installer comes up. I didn't accept any of those files that my friends sent me, so wtf?

#6, 02-01-2008, 06:41 AM, Gamepsyched

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:14 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [7074a397] rundll32.exe "C:\WINDOWS\system32\pigdkndy.dll",b
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB561F8-76C7-45B6-8DD7-06098F6ABD99}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9416 bytes



-------------------------------------------------------------------------------------------------




ComboFix 08-02.01.4 - Nolan 2008-01-31 21:36:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.451 [GMT -8:00]
Running from: C:\Documents and Settings\Nolan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\fuugahwn.ini
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\nktpowvf.dll
C:\WINDOWS\system32\nwhaguuf.dll
C:\WINDOWS\system32\pigdkndy.dll
C:\WINDOWS\system32\rkabdjqm.dll
C:\WINDOWS\system32\ydnkdgip.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 21:32 . 2008-01-31 21:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 00:18 . 2008-01-31 00:18 <DIR> d-------- C:\Program Files\uTorrent
2008-01-31 00:18 . 2008-01-31 18:01 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\uTorrent
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-30 19:46 . 2005-09-01 13:08 233,536 -ra------ C:\WINDOWS\Instexec.exe
2008-01-30 19:46 . 2005-09-07 05:24 86,016 --a------ C:\WINDOWS\system32\vatee.ax
2008-01-30 19:41 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-30 19:40 . 2008-01-30 19:40 260 --a------ C:\WINDOWS\_delis32.ini
2008-01-30 17:44 . 2008-01-30 17:44 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-30 14:33 . 2008-01-30 14:33 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Lavasoft
2008-01-30 11:56 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-30 11:51 . 2008-01-30 14:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-29 23:47 . 2007-10-18 12:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 23:46 . 2008-01-29 23:46 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-29 23:31 . 2008-01-30 19:46 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-29 23:20 . 2008-01-29 23:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 23:17 . 2008-01-29 23:17 <DIR> dr-h----- C:\Documents and Settings\Nolan\Application Data\SecuROM
2008-01-29 23:17 . 2008-01-29 23:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-29 21:30 . 2008-01-30 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:20 . 2008-01-30 22:47 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-29 20:40 . 2008-01-29 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-29 20:39 . 2008-01-29 20:50 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-29 20:37 . 2008-01-29 20:38 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\DAEMON Tools Pro
2008-01-29 20:13 . 2008-01-29 20:13 <DIR> d-------- C:\Program Files\Stardock
2008-01-29 20:13 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-29 17:22 . 2008-01-31 18:00 32,764 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-29 17:21 . 2008-01-29 17:22 38,400 --------- C:\WINDOWS\system32\opnoopq.dll
2008-01-29 14:11 . 2008-01-29 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 01:33 . 2008-01-29 01:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 00:01 . 2008-01-29 00:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 23:07 . 2008-01-28 23:07 <DIR> d-------- C:\Documents and Settings\Nolan\Incomplete
2008-01-28 23:07 . 2008-01-31 18:44 <DIR> d-------- C:\Documents and Settings\Nolan\.limewire
2008-01-28 19:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 19:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-28 19:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 18:17 . 2007-11-11 09:51 2,519,040 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-01-28 18:17 . 2007-11-11 09:51 2,486,272 --a------ C:\WINDOWS\system32\nvwss.dll
2008-01-28 18:17 . 2007-11-11 09:51 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-01-28 17:33 . 2008-01-28 17:33 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-01-28 17:09 . 2008-01-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 17:04 . 2008-01-28 17:04 268 --ah----- C:\sqmdata03.sqm
2008-01-28 17:04 . 2008-01-28 17:04 244 --ah----- C:\sqmnoopt03.sqm
2008-01-28 16:54 . 2008-01-28 16:54 268 --ah----- C:\sqmdata02.sqm
2008-01-28 16:54 . 2008-01-28 16:54 244 --ah----- C:\sqmnoopt02.sqm
2008-01-28 16:51 . 2008-01-28 16:51 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 16:08 . 2008-01-28 16:08 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Logitech
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-28 15:54 . 2008-01-28 16:22 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-28 15:54 . 2008-01-28 15:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\InstallShield
2008-01-28 15:54 . 2008-01-28 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-28 15:54 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-28 15:54 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-28 15:54 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-28 15:54 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-28 15:54 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-28 15:04 . 2008-01-28 17:34 <DIR> d-------- C:\Documents and Settings\Nolan\Contacts
2008-01-28 15:00 . 2008-01-28 15:00 268 --ah----- C:\sqmdata01.sqm
2008-01-28 15:00 . 2008-01-28 15:00 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 14:55 . 2008-01-28 14:55 268 --ah----- C:\sqmdata00.sqm
2008-01-28 14:55 . 2008-01-28 14:55 244 --ah----- C:\sqmnoopt00.sqm
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d-------- C:\Program Files\Windows Live
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 14:08 . 2008-01-28 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 13:30 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-31 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 13:08 . 2008-01-28 13:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 01:11 . 2006-03-20 19:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-28 01:09 . 2008-01-28 01:10 <DIR> d-------- C:\Program Files\Google
2008-01-28 01:04 . 2008-01-28 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 00:54 . 2008-01-28 00:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\ESET
2008-01-28 00:54 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-28 00:53 . 2008-01-28 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-28 00:48 . 2008-01-28 00:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-28 00:37 . 2008-01-28 00:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 00:34 . 2008-01-28 00:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-28 00:27 . 2008-01-28 00:27 <DIR> d-------- C:\Program Files\PowerISO
2008-01-28 00:24 . 2008-01-31 21:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 00:24 . 2008-01-28 00:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\iPod
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 00:22 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 00:22 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-28 00:11 . 2008-01-28 13:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\RamBooster 2.0
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 07:36 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-28 06:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-28 06:45 --------- d-----w C:\Program Files\Windows Plus
2007-12-21 16:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 16:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 16:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 16:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 16:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 01:10 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 05:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 09:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 09:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 20:03 73728 C:\WINDOWS\system32\nvhotkey.dll]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 13:03 36640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-28 17:33 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 09:51 81920]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"NI.UGA6P_0001_N122M2210"="C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe" [ ]

C:\Documents and Settings\Nolan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-28 00:11:13 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-28 00:11:15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoopq]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 08:22:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 21:44:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-01-31 21:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 05:46:09
.
2008-01-29 08:01:32 --- E O F ---

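A triage pass over a HijackThis log of the kind the moderator asked for in post #4 and the poster supplied above, written as an added example for this thread; it is not code from the page, from HijackThis, from ComboFix or from the forum. The sample input is a handful of lines copied from the posted log (a constructed subset, so it runs offline), and the script flags what a helper reads first: the `[7074a397]` Run value whose name is eight hex digits, rundll32 loading `pigdkndy.dll` and calling a one-letter export, `winvsnet.exe` launched from a Temp directory, and the O15 Trusted Zone hosts, while leaving the legitimate NVIDIA rundll32 entry and the private-address DNS server alone. The HijackThis 2.0 line layout, the 8-letter-lowercase DLL pattern (tuned to the names in the ComboFix deletion list above) and the private-DNS rule are assumptions of this example, not a general detector.

```python
"""Triage of HijackThis 2.0 log lines.

Flags the entry types the thread's log shows being abused: generated Run
value names, rundll32 loading an anonymous DLL, autostarts from Temp, extra
Trusted Zone hosts, and a non-private DNS server (a negative case here).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis 2.0 line format. The entries are copied
# from the log posted above and trimmed to a few lines for the example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7074a397] rundll32.exe "C:\WINDOWS\system32\pigdkndy.dll",b
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB561F8-76C7-45B6-8DD7-06098F6ABD99}: NameServer = 192.168.0.1
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<host>\S+)")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.I)
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")     # e.g. [7074a397]
GENERATED_DLL = re.compile(r"^[a-z]{8}$")   # e.g. pigdkndy.dll, nktpowvf.dll (assumed pattern)
PRIVATE_V4 = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line deserves a look
    line: str      # the offending log line


def _check_o4(name: str, cmd: str, line: str) -> List[Finding]:
    out = []
    if HEX_NAME.match(name):
        out.append(Finding("O4", "Run value named with 8 hex digits (generated name)", line))
    if TEMP_RE.search(cmd):
        out.append(Finding("O4", "autostart launches an executable from a Temp directory", line))
    m = RUNDLL_RE.match(cmd)
    if m:
        stem = m["dll"].rsplit("\\", 1)[-1][:-4]
        if len(m["export"]) == 1:
            out.append(Finding("O4", "rundll32 calls a single-letter export", line))
        if GENERATED_DLL.match(stem) and sum(c in "aeiou" for c in stem) <= 2:
            # Mirrors the 8-letter lowercase names in the ComboFix deletion
            # list above; this is a pattern match, not a randomness test.
            out.append(Finding("O4", "rundll32 loads an 8-letter lowercase DLL name", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious indicator, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            findings.extend(_check_o4(m["name"], m["cmd"], line))
            continue
        m = O15_RE.match(line)
        if m:
            # Trusted Zone sites get relaxed ActiveX/scripting settings, so
            # any host the user did not add personally is worth removing.
            findings.append(Finding("O15", f"{m['host']} added to IE Trusted Zone", line))
            continue
        m = O17_RE.match(line)
        if m:
            for server in m["servers"].split(","):
                if not PRIVATE_V4.match(server):
                    findings.append(Finding("O17", f"DNS server {server} is not a private address", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the sample, `triage` returns six findings: three for the `[7074a397]` line, one for `winvsnet.exe`, and one per Trusted Zone host; the NVIDIA entry and `192.168.0.1` pass. The ComboFix log above also shows a Winlogon Notify key named `opnoopq` and an AutoRun handler for drive F:; HijackThis reports Winlogon Notify entries under O20, so a fuller version of this script would add an O20 rule. Neither appears in the constructed sample.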
#7, 02-01-2008, 06:44 AM, Gamepsyched

So, anyone know wtf any of that means???? haha


Because I'm not connecting my external HDD or my iPod until I can figure out what it is.



P.S. After doing that I got back all my HD space that mysteriously disappeared, so that resolves my other thread.




P.P.S. Well, I'm thinking of dumping NOD32 (it's my antivirus, antispyware and firewall) since it let this shit through. Any recommendations on an antivirus?

#8, 02-01-2008, 07:20 AM, Gamepsyched

Hello? I really need help. Did it work?
#9, 02-01-2008, 07:45 AM, Buzz1927 (Melbourne AU, joined May 2005)

Quote:
Originally Posted by Gamepsyched
Hello? I really need help. Did it work?
Please be patient; nobody gets paid for doing this. ceewi1 will get back to you when he can.
#10, 02-01-2008, 07:47 AM, Gamepsyched

lawl, sorry, I just really wanna hook up my external HDD and listen to my podcasts on my iPod, and I'm the most impatient person ever (I also have ADHD), so sorry. I will bug my 360 forum atm, I guess.