I've got viruses :P (HijackThis log included)

Millsie

New Member
Hi, I think I may have quite a few viruses because I received a file from my friend over the internet. Now I get random IMs saying "DUDE WTF". Then they instantly sign off... So I basically think that it's just spreading itself around all my contacts :(. Please help...

And as promised a HijackThis log is included :)

Logfile of HijackThis v1.99.1
Scan saved at 4:31:27 a.m., on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\nqdpb.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\xpitpqig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [6c0b492f] rundll32.exe "C:\WINDOWS\system32\clccdwln.dll",b
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xpitpqig.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Any Help Will Be Appreciated :)... Thanks
 
Hello!
As I checked your HijackThis log I found a couple of pieces of spyware, nothing serious, and none of them explains what you have described in your post.
What you described looks to me like your friends have adware, from MySpace or some other place that includes pictures, or from some hacking site that includes programs. That type of adware is automatically sent from the Temp folder on the computer to all MSN contacts, and that causes a freeze. If you want, after we finish with you, you can post your friend's HijackThis log, or just tell him about the AdAware program on the net.

Now, let's go to work!
I have found 2 unknown processes on your computer, but unless it causes some troubles it can stay, for now.

Please, run HijackThis and choose Do a system scan only.
Put a check on these lines:

  • C:\WINDOWS\system32\nqdpb.exe
  • C:\WINDOWS\system32\xpitpqig.exe
  • O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
  • O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
  • O4 - HKLM\..\Run: [6c0b492f] rundll32.exe "C:\WINDOWS\system32\clccdwln.dll",b

Please reboot your computer now.
Now, please run this scan http://info.prevx.com/downloadcsi.asp
It will check for spyware on your computer; please post the results here. Also, scan with HijackThis and post a fresh HijackThis log.
 
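As an added example (not from the thread, and not part of HijackThis), here is a Python script that applies the checks the helper ran by eye over the posted O4/O23 lines: unknown binaries in system32, random-looking file names, RunServices autostarts, hex-named Run values, and services with no vendor. The system32 allowlist and the two-signal threshold are assumptions tuned to this log, not a general classifier.

```python
"""Triage HijackThis O4/O23 lines with the checks a forum helper applies by eye."""
import re
from pathlib import PureWindowsPath

# Sample input: O4/O23 lines copied from the HijackThis log posted above, so the
# script runs offline. Nothing here is read from a live system.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [6c0b492f] rundll32.exe "C:\WINDOWS\system32\clccdwln.dll",b
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: DomainService - - C:\WINDOWS\system32\xpitpqig.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 - HKLM\..\Run: [ValueName] command
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# O23 - Service: Display name (ShortName) - Vendor - path   (vendor may be empty)
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) ?- (.+)$")
# First .exe/.dll path in a command; for rundll32 this is the loaded DLL.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)

# Assumption: known-good system32 binaries seen in this log. Anything else
# that autostarts from system32 earns a signal.
SYSTEM32_ALLOWLIST = {"rundll32", "nvcpl", "nvmctray", "nvsvc32", "ctfmon",
                      "dumprep", "wpdshserviceobj", "pnkbstra", "svchost", "spoolsv"}
VOWELS = set("aeiou")


def looks_random(stem):
    """Cheap name heuristic: almost no vowels, or a run of 4+ non-vowels."""
    s = stem.lower()
    if len(s) < 5 or not s.isalnum():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    run = longest = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 4


def parse_line(line):
    """Return a dict for an O4/O23 line, or None for any other line."""
    m = O4_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        return {"kind": "O4", "hive": hive, "key": key, "name": name,
                "owner": None, "command": command}
    m = O23_RE.match(line)
    if m:
        display, owner, command = m.groups()
        return {"kind": "O23", "hive": "HKLM", "key": "Services",
                "name": display, "owner": owner.strip(), "command": command}
    return None


def reasons_for(entry):
    """Collect independent suspicion signals for one parsed entry."""
    reasons = []
    m = PATH_RE.search(entry["command"])
    if not m:
        return reasons
    path = PureWindowsPath(m.group(1))
    stem = path.stem.lower()
    in_system32 = any(part.lower() == "system32" for part in path.parts)
    if in_system32 and stem not in SYSTEM32_ALLOWLIST:
        reasons.append("unknown binary autostarting from system32")
    if stem not in SYSTEM32_ALLOWLIST and looks_random(stem):
        reasons.append(f"random-looking file name {path.name}")
    if entry["key"] == "RunServices":
        reasons.append("RunServices autostart (rarely used by legitimate software)")
    if entry["kind"] == "O4" and re.fullmatch(r"[0-9a-f]{8}", entry["name"]):
        reasons.append("hex-looking Run value name")
    if entry["kind"] == "O23" and entry["owner"] in ("", "Unknown owner"):
        reasons.append("service has no vendor")
    return reasons


def triage(log_text, min_reasons=2):
    """Return [(line, reasons)] for entries that accumulate enough signals."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= min_reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it flags exactly the five lines the helper asked to fix (nqdpb.exe three times, clccdwln.dll and xpitpqig.exe) and leaves the Java, NVIDIA and allowlisted entries alone.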
Ok then lol...
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
 
This is ComboFix's log...
Code:
ComboFix 07-12-21.4 - Jeremy 2007-12-26 15:07:53.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1531 [GMT 13:00]
Running from: C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\#SharedObjects\XM95LZFM\iforex.com
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\#SharedObjects\XM95LZFM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jeremy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ankqusuw.dll
C:\WINDOWS\system32\bhwacdfy.dll
C:\WINDOWS\system32\bsntrtwo.exe
C:\WINDOWS\system32\clccdwln.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\efcyvww.dll
C:\WINDOWS\system32\eitjqtie.dll
C:\WINDOWS\system32\ejhyqkob.exe
C:\WINDOWS\system32\fyhqkplj.dll
C:\WINDOWS\system32\gpitimfi.exe
C:\WINDOWS\system32\hlwnxwrj.dll
C:\WINDOWS\system32\igqhpoqh.dll
C:\WINDOWS\system32\javjcorv.exe
C:\WINDOWS\system32\jrwxnwlh.ini
C:\WINDOWS\system32\juwugyhr.dll
C:\WINDOWS\system32\kxmfgrlc.dll
C:\WINDOWS\system32\lvyekdee.dll
C:\WINDOWS\system32\metclxqv.dll
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\nlwdcclc.ini
C:\WINDOWS\system32\rgksjngb.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\tsnoieae.exe
C:\WINDOWS\system32\vdnmhhpf.dll
C:\WINDOWS\system32\viqcgmif.dll
C:\WINDOWS\system32\vlrbkvlv.dll
C:\WINDOWS\system32\yvmprnri.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-11-26 to 2007-12-26  )))))))))))))))))))))))))))))))
.

2007-12-25 22:00 . 2007-12-25 22:00	24,304	--a------	C:\WINDOWS\system32\ddcywxx.dll
2007-12-25 02:34 . 2007-12-25 21:47	994,066	--ahs----	C:\WINDOWS\system32\awmscnfp.ini
2007-12-25 00:16 . 2007-12-25 00:16	24,304	--a------	C:\WINDOWS\system32\iifefgg.dll
2007-12-24 06:53 . 2007-12-23 17:50	122,880	--a------	C:\WINDOWS\system32\nqdpb.exe
2007-12-24 02:26 . 2007-12-25 02:26	993,946	--ahs----	C:\WINDOWS\system32\yaogmejn.ini
2007-12-23 00:09 . 2007-12-24 00:10	992,014	--ahs----	C:\WINDOWS\system32\gtjdutom.ini
2007-12-21 23:12 . 2007-12-21 23:12	24,304	--a------	C:\WINDOWS\system32\hggggec.dll
2007-12-21 19:47 . 2007-12-23 00:07	991,894	--ahs----	C:\WINDOWS\system32\cbqktrux.ini
2007-12-20 18:38 . 2007-12-21 19:42	987,934	--ahs----	C:\WINDOWS\system32\abgsujam.ini
2007-12-19 15:40 . 2007-12-20 18:37	992,665	--ahs----	C:\WINDOWS\system32\cjbhtpoc.ini
2007-12-19 15:27 . 2007-12-19 15:27	1,202,921	--ahs----	C:\WINDOWS\system32\ufgpmvve.ini
2007-12-18 14:08 . 2007-12-18 14:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-18 13:55 . 2007-12-19 15:27	1,288,229	--ahs----	C:\WINDOWS\system32\aaaygfco.ini
2007-12-17 14:25 . 2007-12-18 13:53	1,205,338	--ahs----	C:\WINDOWS\system32\elotxsac.ini
2007-12-15 21:29 . 2007-12-17 14:25	1,205,158	--ahs----	C:\WINDOWS\system32\fgqqshpl.ini
2007-12-14 03:13 . 2007-12-14 03:14	<DIR>	d--------	C:\Program Files\RivaTuner v2.06
2007-12-14 00:33 . 2007-12-15 17:21	1,204,978	--ahs----	C:\WINDOWS\system32\ffwedwrm.ini
2007-12-13 00:02 . 2007-04-24 17:30	60,273	--a------	C:\WINDOWS\system32\pthreadGC2.dll
2007-12-13 00:02 . 2007-06-03 14:31	6,144	--a------	C:\WINDOWS\system32\ff_acm.acm
2007-12-12 23:37 . 2007-12-14 00:25	1,281,645	--ahs----	C:\WINDOWS\system32\umgvmwan.ini
2007-12-12 23:33 . 2007-12-26 00:28	730	--a------	C:\WINDOWS\system32\tversity.cookies
2007-12-12 13:39 . 2007-12-13 00:02	<DIR>	d--------	C:\Program Files\TVersity Codec Pack
2007-12-12 13:16 . 2007-12-12 13:16	<DIR>	d--------	C:\Program Files\TVersity
2007-12-11 18:55 . 2007-12-11 18:55	1,105	--a------	C:\WINDOWS\checkip.dat
2007-12-11 12:24 . 2007-12-11 12:24	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-11 12:23 . 2007-12-11 12:23	<DIR>	d--------	C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-11 12:12 . 2007-12-11 12:12	<DIR>	d--------	C:\Documents and Settings\Jeremy\Application Data\Grisoft
2007-12-11 12:12 . 2007-12-11 12:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 12:12 . 2007-05-31 01:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 21:38 . 2007-12-07 00:14	107,832	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2007-12-04 21:38 . 2007-12-07 00:14	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 21:37 . 2007-12-04 21:37	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-04 05:46 . 2007-12-04 14:59	<DIR>	d--------	C:\Program Files\18 WoS Pedal to the Metal
2007-12-03 20:43 . 2007-12-03 20:51	<DIR>	d--------	C:\Program Files\DAEMON Tools
2007-12-02 10:20 . 2007-12-02 10:21	14,120	--a------	C:\WINDOWS\system32\awvvt.dll
2007-11-26 01:16 . 2007-11-26 01:16	<DIR>	d--------	C:\WINDOWS\system32\xlive
2007-11-26 01:16 . 2007-10-27 23:26	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-11-26 01:16 . 2007-10-27 23:26	548,864	--a------	C:\WINDOWS\system32\msvcp80.dll
2007-11-26 01:16 . 2007-10-27 23:26	479,232	--a------	C:\WINDOWS\system32\msvcm80.dll
2007-11-26 00:49 . 2007-11-26 01:16	<DIR>	d--------	C:\KLDM

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 13:26	---------	d-----w	C:\Program Files\FlashGet
2007-12-23 05:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-12-11 11:26	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\Microsoft Games
2007-12-11 10:26	---------	d-----w	C:\Program Files\Microsoft Games
2007-12-11 06:31	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\Bioshock
2007-12-05 04:09	---------	d-----w	C:\Program Files\SensorsViewPro21
2007-12-04 23:55	---------	d-----w	C:\Program Files\Activision
2007-12-04 08:06	98,304	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 07:30	6,960	----a-w	C:\WINDOWS\system32\pmkji.dll
2007-12-03 16:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-03 07:40	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-11-26 07:21	11,973	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-26 06:59	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-25 10:39	---------	d-----w	C:\Program Files\SystemRequirementsLab
2007-11-24 12:53	---------	d-----w	C:\Program Files\SpeedFan
2007-11-21 01:50	---------	d-----w	C:\Program Files\AusLogics BoostSpeed
2007-11-20 14:15	---------	d-----w	C:\Program Files\AusLogics Disk Defrag
2007-11-18 11:52	---------	d-----w	C:\Program Files\Java
2007-11-18 10:58	---------	d-----w	C:\Program Files\Ubisoft
2007-11-18 03:18	---------	d-----w	C:\Program Files\Eidos
2007-11-17 23:46	297,568	----a-w	C:\WINDOWS\system32\sstqq.dll
2007-11-16 19:28	297,568	----a-w	C:\WINDOWS\system32\gebyx.dll
2007-11-15 23:02	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\LimeWire
2007-11-15 09:22	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2007-11-13 09:55	---------	d-----w	C:\Program Files\Electronic Arts
2007-11-12 07:41	---------	d-----w	C:\Program Files\Bethesda Softworks
2007-11-08 06:33	---------	d-----w	C:\Program Files\Portal
2007-11-08 06:17	---------	d-----w	C:\Program Files\Codemasters
2007-10-12 10:19	13,653,824	----a-w	C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 10:19	10,155,840	----a-w	C:\WINDOWS\system32\xlive.dll
2007-10-04 04:14	81,920	----a-w	C:\WINDOWS\system32\nvwddi.dll
2007-10-04 04:14	81,920	----a-w	C:\WINDOWS\system32\nvmctray.dll
2007-10-04 04:14	8,491,008	----a-w	C:\WINDOWS\system32\nvcpl.dll
2007-10-04 04:14	753,664	----a-w	C:\WINDOWS\system32\nvcplui.exe
2007-10-04 04:14	6,750,208	----a-w	C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 04:14	6,344,704	----a-w	C:\WINDOWS\system32\nvdisps.dll
2007-10-04 04:14	5,783,424	----a-w	C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 04:14	466,944	----a-w	C:\WINDOWS\system32\nvshell.dll
2007-10-04 04:14	45,056	----a-w	C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 04:14	442,368	----a-w	C:\WINDOWS\system32\nvappbar.exe
2007-10-04 04:14	425,984	----a-w	C:\WINDOWS\system32\keystone.exe
2007-10-04 04:14	364,544	----a-w	C:\WINDOWS\system32\nvapi.dll
2007-10-04 04:14	36,864	----a-w	C:\WINDOWS\system32\nvcodins.dll
2007-10-04 04:14	36,864	----a-w	C:\WINDOWS\system32\nvcod.dll
2007-10-04 04:14	307,200	----a-w	C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 04:14	3,551,232	----a-w	C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 04:14	3,334,144	----a-w	C:\WINDOWS\system32\nvgames.dll
2007-10-04 04:14	286,720	----a-w	C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 04:14	229,376	----a-w	C:\WINDOWS\system32\nvmccs.dll
2007-10-04 04:14	2,371,584	----a-w	C:\WINDOWS\system32\nvwss.dll
2007-10-04 04:14	188,416	----a-w	C:\WINDOWS\system32\nvmccss.dll
2007-10-04 04:14	155,716	----a-w	C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 04:14	147,456	----a-w	C:\WINDOWS\system32\nvcolor.exe
2007-10-04 04:14	1,703,936	----a-w	C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 04:14	1,626,112	----a-w	C:\WINDOWS\system32\nwiz.exe
2007-10-04 04:14	1,478,656	----a-w	C:\WINDOWS\system32\nview.dll
2007-10-04 04:14	1,339,392	----a-w	C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 04:14	1,150,976	----a-w	C:\WINDOWS\system32\nvmobls.dll
2007-10-04 04:14	1,019,904	----a-w	C:\WINDOWS\system32\nvwimg.dll
2007-10-01 03:40	1,526,072	----a-w	C:\WINDOWS\WRSetup.dll
2007-09-26 10:03	737,280	----a-w	C:\WINDOWS\iun6002.exe
2007-09-22 01:05	6,496	--sha-w	C:\WINDOWS\system32\dfhkj.bak1
2007-09-22 13:05	844,590	--sha-w	C:\WINDOWS\system32\dfhkj.bak2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-18 00:53]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 10:42 C:\WINDOWS\SOUNDMAN.EXE]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-31 07:05]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 18:22]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 17:54]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" []
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 21:10]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 02:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 22:25]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" [2007-12-23 17:50]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" [2007-12-23 17:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-10-01 20:26 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 10:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 10:17]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 10:15]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2006-02-10 00:54]
R3 RivaTuner32;RivaTuner32;C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-31 07:05]
S2 dyucerewvey0yy;Print Spooler Service;C:\WINDOWS\system32\nqdpb.exe /service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe /autorun
\Shell\directx\command - D:\DirectX\dxsetup.exe
\Shell\setup\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 15:26:04 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Documents and Settings\Jeremy\Desktop\Desktop\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 15:23:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-12-26 15:24:57

And this is HijackThis's log

Logfile of HijackThis v1.99.1
Scan saved at 3:40:55 p.m., on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\nqdpb.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

BTW, all pop-ups have stopped coming up now :P

So can someone tell me... Am I officially clean?
 
I'm afraid not, still more to do.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site.

Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Paste the contents of the Report.txt in your next reply.

Once done, please do the following:
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\ddcywxx.dll
    C:\WINDOWS\system32\awmscnfp.ini
    C:\WINDOWS\system32\iifefgg.dll
    C:\WINDOWS\system32\nqdpb.exe
    C:\WINDOWS\system32\yaogmejn.ini
    C:\WINDOWS\system32\gtjdutom.ini
    C:\WINDOWS\system32\hggggec.dll
    C:\WINDOWS\system32\cbqktrux.ini
    C:\WINDOWS\system32\abgsujam.ini
    C:\WINDOWS\system32\cjbhtpoc.ini
    C:\WINDOWS\system32\ufgpmvve.ini
    C:\WINDOWS\system32\aaaygfco.ini
    C:\WINDOWS\system32\elotxsac.ini
    C:\WINDOWS\system32\fgqqshpl.ini
    C:\WINDOWS\system32\ffwedwrm.ini
    C:\WINDOWS\system32\umgvmwan.ini
    C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak2
  • Save this as CFScript.txt, change the Save as type to All Files, and place it on your desktop.

    (screenshot: CFScript.gif)

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post
  • The SDFix report
  • The ComboFix log
  • A new HijackThis log
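The triage done by eye above (an "Unknown owner" service with a random short name masquerading as the Print Spooler, and the same binary registered under both Run and RunServices) can be scripted over HijackThis O4/O23 lines. This is an added example, not code from the thread or from HijackThis, SDFix or ComboFix; the sample lines are copied from the log posted above, while the known-service table, the randomness heuristic and the multi-mechanism rule are this example's own assumptions.

```python
"""Triage HijackThis O4/O23 lines with the heuristics a helper applies by eye.

Added example for this thread; not part of HijackThis, SDFix or ComboFix.
The known-service table and the heuristics are assumptions of this example.
"""
import re
from collections import defaultdict

O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Display-name fragment -> binary that legitimately backs that service.
# Deliberately tiny (assumption); extend it from your own known-good baseline.
KNOWN_SERVICE_BINARIES = {"print spooler": "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe",
    r"O23 - Service: Print Spooler Service (dyucerewvey0yy) - Unknown owner - C:\WINDOWS\system32\nqdpb.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
    r"O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe",
    r"O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background',
]


def _basename(cmd):
    """Lower-cased executable name from a bare path or a quoted command line."""
    m = re.search(r'([^\\"/]+\.exe)', cmd, re.IGNORECASE)
    return m.group(1).lower() if m else cmd.strip().lower()


def _looks_random(short_name):
    """Crude tell for generated names: digits wedged between letters, or no vowels."""
    s = short_name.lower()
    return bool(re.search(r"[a-z]\d+[a-z]", s)) or not re.search(r"[aeiouy]", s)


def triage(lines):
    """Return {binary: [reasons]} for every binary that trips at least one heuristic."""
    reasons = defaultdict(list)
    mechanisms = defaultdict(set)  # binary -> distinct autostart mechanisms it uses
    for line in lines:
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            display, owner, path = m["display"], m["owner"], m["path"]
            exe = _basename(path)
            mechanisms[exe].add("O23 service")
            if owner == "Unknown owner" and path.lower().startswith(SYSTEM32):
                reasons[exe].append("service with no vendor info running from system32")
            short = re.search(r"\(([^)]+)\)\s*$", display)
            short = short.group(1) if short else display
            if _looks_random(short):
                reasons[exe].append(f"random-looking service name '{short}'")
            for fragment, real_exe in KNOWN_SERVICE_BINARIES.items():
                if fragment in display.lower() and exe != real_exe:
                    reasons[exe].append(f"'{display}' impersonates {real_exe}")
            continue
        m = O4_RE.match(line)
        if m:
            exe = _basename(m["cmd"])
            mechanisms[exe].add(f"O4 {m['hive']} {m['key']}")
            if m["key"] == "RunServices":
                reasons[exe].append("registered under RunServices, a Win9x-era key "
                                    "legitimate XP software has no reason to use")
    # A binary that persists through several mechanisms at once is worth a second look.
    for exe, mechs in mechanisms.items():
        if len(mechs) >= 2:
            reasons[exe].append(f"persisted via {len(mechs)} autostart mechanisms: {sorted(mechs)}")
    return dict(reasons)


if __name__ == "__main__":
    for exe, why in sorted(triage(SAMPLE_LINES).items(), key=lambda kv: -len(kv[1])):
        print(f"{exe} ({len(why)} hits)")
        for r in why:
            print("   -", r)
```

A single hit (as PnkBstrA gets here) means "check against a known-good list", not "malware"; the stack of hits on nqdpb.exe is what justified the fix script above.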
 
ComboFix Log...

Code:
ComboFix 07-12-21.4 - Jeremy 2007-12-28  1:48:33.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1536 [GMT 13:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeremy\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\system32\aaaygfco.ini
C:\WINDOWS\system32\abgsujam.ini
C:\WINDOWS\system32\awmscnfp.ini
C:\WINDOWS\system32\cbqktrux.ini
C:\WINDOWS\system32\cjbhtpoc.ini
C:\WINDOWS\system32\ddcywxx.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak2
C:\WINDOWS\system32\elotxsac.ini
C:\WINDOWS\system32\ffwedwrm.ini
C:\WINDOWS\system32\fgqqshpl.ini
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gtjdutom.ini
C:\WINDOWS\system32\hggggec.dll
C:\WINDOWS\system32\iifefgg.dll
C:\WINDOWS\system32\nqdpb.exe
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ufgpmvve.ini
C:\WINDOWS\system32\umgvmwan.ini
C:\WINDOWS\system32\yaogmejn.ini
.

(((((((((((((((((((((((((   Files Created from 2007-11-27 to 2007-12-27  )))))))))))))))))))))))))))))))
.

2007-12-28 01:39 . 2007-12-28 01:39	<DIR>	d--------	C:\WINDOWS\LastGood
2007-12-28 01:31 . 2007-12-28 01:31	<DIR>	d--------	C:\WINDOWS\ERUNT
2007-12-28 00:25 . 2007-12-28 01:43	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2007-12-26 15:05 . 2007-12-26 15:05	1,478,778	--a------	C:\ComboFix.exe
2007-12-18 14:08 . 2007-12-18 14:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-14 03:13 . 2007-12-14 03:14	<DIR>	d--------	C:\Program Files\RivaTuner v2.06
2007-12-13 00:02 . 2007-04-24 17:30	60,273	--a------	C:\WINDOWS\system32\pthreadGC2.dll
2007-12-13 00:02 . 2007-06-03 14:31	6,144	--a------	C:\WINDOWS\system32\ff_acm.acm
2007-12-12 23:33 . 2007-12-28 00:17	730	--a------	C:\WINDOWS\system32\tversity.cookies
2007-12-12 13:39 . 2007-12-13 00:02	<DIR>	d--------	C:\Program Files\TVersity Codec Pack
2007-12-12 13:16 . 2007-12-12 13:16	<DIR>	d--------	C:\Program Files\TVersity
2007-12-11 18:55 . 2007-12-11 18:55	1,105	--a------	C:\WINDOWS\checkip.dat
2007-12-11 12:24 . 2007-12-11 12:24	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-11 12:23 . 2007-12-11 12:23	<DIR>	d--------	C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-11 12:12 . 2007-12-11 12:12	<DIR>	d--------	C:\Documents and Settings\Jeremy\Application Data\Grisoft
2007-12-11 12:12 . 2007-12-11 12:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 12:12 . 2007-05-31 01:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 21:38 . 2007-12-07 00:14	107,832	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2007-12-04 21:38 . 2007-12-07 00:14	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 21:37 . 2007-12-04 21:37	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-04 05:46 . 2007-12-04 14:59	<DIR>	d--------	C:\Program Files\18 WoS Pedal to the Metal
2007-12-03 20:43 . 2007-12-03 20:51	<DIR>	d--------	C:\Program Files\DAEMON Tools
2007-12-02 10:20 . 2007-12-02 10:21	14,120	--a------	C:\WINDOWS\system32\awvvt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:48	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2007-12-27 10:30	---------	d-----w	C:\Program Files\FlashGet
2007-12-23 05:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-12-11 11:26	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\Microsoft Games
2007-12-11 10:26	---------	d-----w	C:\Program Files\Microsoft Games
2007-12-11 06:31	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\Bioshock
2007-12-05 04:09	---------	d-----w	C:\Program Files\SensorsViewPro21
2007-12-04 23:55	---------	d-----w	C:\Program Files\Activision
2007-12-03 16:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-03 07:40	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-11-26 07:21	11,973	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-26 06:59	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-25 10:39	---------	d-----w	C:\Program Files\SystemRequirementsLab
2007-11-24 12:53	---------	d-----w	C:\Program Files\SpeedFan
2007-11-21 01:50	---------	d-----w	C:\Program Files\AusLogics BoostSpeed
2007-11-20 14:15	---------	d-----w	C:\Program Files\AusLogics Disk Defrag
2007-11-18 11:52	---------	d-----w	C:\Program Files\Java
2007-11-18 10:58	---------	d-----w	C:\Program Files\Ubisoft
2007-11-18 03:18	---------	d-----w	C:\Program Files\Eidos
2007-11-15 23:02	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\LimeWire
2007-11-15 09:22	---------	d-----w	C:\Documents and Settings\Jeremy\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2007-11-13 09:55	---------	d-----w	C:\Program Files\Electronic Arts
2007-11-12 07:41	---------	d-----w	C:\Program Files\Bethesda Softworks
2007-11-08 06:33	---------	d-----w	C:\Program Files\Portal
2007-11-08 06:17	---------	d-----w	C:\Program Files\Codemasters
2007-10-27 10:26	626,688	----a-w	C:\WINDOWS\system32\msvcr80.dll
2007-10-27 10:26	548,864	----a-w	C:\WINDOWS\system32\msvcp80.dll
2007-10-27 10:26	479,232	----a-w	C:\WINDOWS\system32\msvcm80.dll
2007-10-12 10:19	13,653,824	----a-w	C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 10:19	10,155,840	----a-w	C:\WINDOWS\system32\xlive.dll
2007-10-04 04:14	81,920	----a-w	C:\WINDOWS\system32\nvwddi.dll
2007-10-04 04:14	81,920	----a-w	C:\WINDOWS\system32\nvmctray.dll
2007-10-04 04:14	8,491,008	----a-w	C:\WINDOWS\system32\nvcpl.dll
2007-10-04 04:14	753,664	----a-w	C:\WINDOWS\system32\nvcplui.exe
2007-10-04 04:14	6,750,208	----a-w	C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 04:14	6,344,704	----a-w	C:\WINDOWS\system32\nvdisps.dll
2007-10-04 04:14	5,783,424	----a-w	C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 04:14	466,944	----a-w	C:\WINDOWS\system32\nvshell.dll
2007-10-04 04:14	45,056	----a-w	C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 04:14	442,368	----a-w	C:\WINDOWS\system32\nvappbar.exe
2007-10-04 04:14	425,984	----a-w	C:\WINDOWS\system32\keystone.exe
2007-10-04 04:14	364,544	----a-w	C:\WINDOWS\system32\nvapi.dll
2007-10-04 04:14	36,864	----a-w	C:\WINDOWS\system32\nvcodins.dll
2007-10-04 04:14	36,864	----a-w	C:\WINDOWS\system32\nvcod.dll
2007-10-04 04:14	307,200	----a-w	C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 04:14	3,551,232	----a-w	C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 04:14	3,334,144	----a-w	C:\WINDOWS\system32\nvgames.dll
2007-10-04 04:14	286,720	----a-w	C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 04:14	229,376	----a-w	C:\WINDOWS\system32\nvmccs.dll
2007-10-04 04:14	2,371,584	----a-w	C:\WINDOWS\system32\nvwss.dll
2007-10-04 04:14	188,416	----a-w	C:\WINDOWS\system32\nvmccss.dll
2007-10-04 04:14	155,716	----a-w	C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 04:14	147,456	----a-w	C:\WINDOWS\system32\nvcolor.exe
2007-10-04 04:14	1,703,936	----a-w	C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 04:14	1,626,112	----a-w	C:\WINDOWS\system32\nwiz.exe
2007-10-04 04:14	1,478,656	----a-w	C:\WINDOWS\system32\nview.dll
2007-10-04 04:14	1,339,392	----a-w	C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 04:14	1,150,976	----a-w	C:\WINDOWS\system32\nvmobls.dll
2007-10-04 04:14	1,019,904	----a-w	C:\WINDOWS\system32\nvwimg.dll
2007-10-01 03:40	1,526,072	----a-w	C:\WINDOWS\WRSetup.dll
.

(((((((((((((((((((((((((((((   snapshot@2007-12-26_15.24.20.71   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-23 11:54:58	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-27 12:31:21	4,128,768	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-27 12:31:21	159,744	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-23 11:54:58	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-27 12:31:12	4,128,768	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-27 12:31:12	159,744	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-27 12:37:24	16,384	----atw	C:\WINDOWS\TEMP\Perflib_Perfdata_7ac.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-18 00:53]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 10:42 C:\WINDOWS\SOUNDMAN.EXE]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-31 07:05]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 18:22]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 17:54]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" []
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 21:10]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 01:00 C:\WINDOWS\system32\rundll32.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 02:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 22:25]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nqdpb"="C:\WINDOWS\system32\nqdpb.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-10-01 20:26 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeremy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 10:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 10:17]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 10:15]
R2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [2006-02-10 00:54]
R3 RivaTuner32;RivaTuner32;C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-31 07:05]

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 15:26:04 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Documents and Settings\Jeremy\Desktop\Desktop\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:50:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-12-28  1:51:30
C:\ComboFix2.txt ... 2007-12-28 01:02
C:\ComboFix3.txt ... 2007-12-28 00:57
.
2007-12-27 11:25:45	--- E O F ---

SDFix Log

Code:
SDFix: Version 1.119

Run by Jeremy on Fri 28/12/2007 at 01:31 a.m.

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
dyucerewvey0yy

Path:
C:\WINDOWS\system32\nqdpb.exe /service

dyucerewvey0yy - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:37:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:23b23991
"s2"=dword:7d12d193
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:69,55,09,af,a0,d8,45,d6,30,16,2f,4c,fb,f9,1d,28,bd,84,11,42,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:83,d0,bd,f1,6f,aa,bc,cd,22,72,18,7b,04,53,ed,a9,23,0e,be,1f,70,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,5e,56,88,79,e5,1e,9e,30,c6,a9,e3,7c,9d,e8,bd,1e,..
"khjeh"=hex:a3,40,12,4c,e3,5b,b2,3e,95,81,92,a7,69,a1,28,0f,e1,a6,d1,38,bc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,1e,da,98,1f,6f,b0,76,42,50,da,96,2c,c5,67,1c,3a,08,ad,b0,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:69,55,09,af,a0,d8,45,d6,30,16,2f,4c,fb,f9,1d,28,bd,84,11,42,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:83,d0,bd,f1,6f,aa,bc,cd,22,72,18,7b,04,53,ed,a9,23,0e,be,1f,70,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,5e,56,88,79,e5,1e,9e,30,c6,a9,e3,7c,9d,e8,bd,1e,..
"khjeh"=hex:a3,40,12,4c,e3,5b,b2,3e,95,81,92,a7,69,a1,28,0f,e1,a6,d1,38,bc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,1e,da,98,1f,6f,b0,76,42,50,da,96,2c,c5,67,1c,3a,08,ad,b0,43,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun  4 Nov 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 24 Sep 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 14 Dec 2004       339,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT157.tmp"
Fri 23 Jun 2006       153,429 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1B3.tmp"
Tue 14 Dec 2004       334,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT154.tmp"
Mon  5 Feb 2007       905,077 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT1B0.tmp"
Wed  3 Oct 2007    15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT150.tmp"
Sat 30 Jun 2007       155,061 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\BIT176.tmp"
Sat  6 Aug 2005       491,760 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT158.tmp"
Fri  7 Oct 2005       490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT1B8.tmp"
Thu 30 Mar 2006       150,932 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT1B1.tmp"
Sat 30 Jun 2007       155,642 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\BIT1B2.tmp"
Sat  4 Nov 2006       151,852 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\BIT17B.tmp"
Thu  9 Feb 2006       151,035 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT1BA.tmp"
Sat 12 May 2007     1,266,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\582374c56f566bb2a83a59d0c2cd7d87\BIT178.tmp"
Mon  5 Feb 2007        98,851 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT1C2.tmp"
Sat 23 Sep 2006       153,252 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT1BF.tmp"
Tue  7 Aug 2007       154,933 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\BIT15B.tmp"
Tue 27 Nov 2007       157,347 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\BIT1BD.tmp"
Thu 25 Oct 2007     2,585,864 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2c8f709dd0237a7e496be18e0ba404e\BIT3CCF.tmp"
Sat  3 Nov 2007     3,109,928 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT1C0.tmp"
Wed  3 Oct 2007       875,912 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac396c0c2d53942a12157d0ad3c4135a\BIT1B6.tmp"
Tue 14 Dec 2004       333,544 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT156.tmp"
Sat 31 Mar 2007       101,875 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT17A.tmp"
Sat  6 Aug 2005       490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT1C3.tmp"
Sat  2 Sep 2006       151,551 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\BIT1B5.tmp"
Wed 27 Sep 2006       151,324 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\BIT1BE.tmp"
Tue 18 Apr 2006       149,979 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\BIT17C.tmp"
Sat 31 Mar 2007       157,600 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT1BB.tmp"
Mon  5 Feb 2007        98,994 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\BIT1BC.tmp"
Sat  6 Aug 2005       490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT1B7.tmp"
Sat  4 Nov 2006       152,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\BIT1B4.tmp"
Mon  5 Feb 2007       151,147 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT1C1.tmp"
Sat 23 Sep 2006       152,541 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT179.tmp"
Sat 30 Jun 2007       102,501 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1717a50ad70787e0b2e37537d202992\BIT177.tmp"
Wed 21 Nov 2007       102,476 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa49f6893c7a59670b5a3784bf50f6b9\BIT1B9.tmp"
Tue 18 Dec 2007         6,741 ...HR --- "C:\Documents and Settings\Jeremy\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat  6 Aug 2005       516,286 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00766461b1b00d8469999536d8f8d6e4\download\BIT1CA.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\BIT14.tmp"
Thu  5 Jan 2006        87,210 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\BIT1C9.tmp"
Sat 11 Jun 2005         6,362 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\download\BIT1D9.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\download\BIT1D.tmp"
Thu 30 Mar 2006       408,860 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\BIT1DA.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BIT1F.tmp"
Sat 29 Jul 2006        29,349 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\download\BIT1C8.tmp"
Tue  1 May 2007       159,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT1E3.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\download\BITA.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT1B.tmp"
Mon  5 Feb 2007       217,512 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\download\BIT151.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\BIT16.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT1C.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\download\BIT1A.tmp"
Wed 21 Nov 2007        19,724 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\304c19f1612f37ffa8967147d3cb7464\download\BIT1C5.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\download\BIT15.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\download\BITC.tmp"
Sat  2 Jun 2007        19,616 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT203.tmp"
Sat  4 Nov 2006       255,443 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\download\BIT20E.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\download\BITE.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\download\BITB.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\512e19b377bd5d52a1e190ecbd7a83eb\download\BIT13.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\download\BIT10.tmp"
Fri 30 Nov 2007     2,567,391 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT1E2.tmp"
Tue 12 Apr 2005     1,577,695 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\download\BIT1C4.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\download\BIT22.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\download\BIT18.tmp"
Sat  3 Jun 2006       204,282 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\download\BIT1C6.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\download\BIT20.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0d1667f129d439fad31a81898b17830\download\BIT17.tmp"
Thu 20 Apr 2006     1,053,663 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT1DC.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BITD.tmp"
Fri  7 Oct 2005        49,012 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\download\BIT1DB.tmp"
Fri  7 Oct 2005       764,796 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT210.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\download\BIT12.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BIT19.tmp"
Tue  7 Aug 2007       371,494 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\download\BIT20F.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\download\BIT1E.tmp"
Sat  1 Jul 2006        35,492 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\download\BIT202.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\download\BIT21.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\download\BITF.tmp"
Fri 28 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT11.tmp"
Sat  2 Jun 2007       115,734 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BIT1CB.tmp"

Finished!
 
Annnd...

HijackThis Log...

Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:53:44 a.m., on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
Great, just a few final things.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  • O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
  • O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
Please close all open windows except for HijackThis and choose Fix checked

Please delete the following file:
C:\WINDOWS\system32\awvvt.dll

Please reboot and post a new HijackThis log.
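The fix-and-repost step above invites a concrete check: does the new log actually lack the entries that were fixed, and has the process disappeared from the running-process list? The Python script below is an added example, not part of the thread or of HijackThis itself; its two log excerpts are constructed from lines quoted in the thread, and it also reports entries that are new since the earlier scan.

```python
"""Diff two HijackThis logs to confirm that the entries a helper asked to fix are gone.
Added example, not part of the thread or of HijackThis; the two excerpts below are
constructed from lines quoted in the thread (scans of 26/12/2007 and 30/12/2007)."""
import re
# Entry lines start with a section code (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")

BEFORE = r"""Scan saved at 4:31:27 a.m., on 26/12/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\nqdpb.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"""
AFTER = r"""Scan saved at 1:49:17 a.m., on 30/12/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"""
# The three entries the helper asked to have checked and fixed.
REQUESTED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =",
    r"O4 - HKLM\..\Run: [nqdpb] C:\WINDOWS\system32\nqdpb.exe",
    r"O4 - HKLM\..\RunServices: [nqdpb] C:\WINDOWS\system32\nqdpb.exe",
]

def entries(log):
    """Set of stripped entry lines (the R/F/N/O sections) in a HijackThis log."""
    return {ln.strip() for ln in log.splitlines() if ENTRY_RE.match(ln.strip())}

def running_processes(log):
    """Lower-cased paths under 'Running processes:'; the block ends at the first blank line."""
    block = log.split("Running processes:", 1)[1].split("\n\n", 1)[0]
    return {ln.strip().lower() for ln in block.splitlines() if ln.strip()}

def verify_fix(before, after, requested):
    """True for a requested entry only if it was in the old log and is absent from the new one."""
    old, new = entries(before), entries(after)
    return {e: e in old and e not in new for e in requested}

def still_running(log, image):
    """True if a listed process path ends with `image`, e.g. '\\nqdpb.exe'."""
    return any(p.endswith(image.lower()) for p in running_processes(log))

def new_entries(before, after):
    """Entries that appeared between the scans; review these before calling a log clean."""
    return entries(after) - entries(before)
```

The empty HKLM start page entry is still present in the second log, so the script reports it as not removed; it is harmless, which is why the helper can still call the log clean once the nqdpb entries and process are gone.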
 
Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:49:17 a.m., on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\G15\G15NetSpeed-0.0.6\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\flashget.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Gangsters2Setup.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193228306609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Sorry for the slow reply :(
 
No problems about the delay, and your logfile now appears to be clean.

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

I notice you are running both SpySweeper and AVG Antispyware, which is good. You might want to consider installing and running some of the following programs; they are either free or have free versions of commercial programs, and will work alongside SpySweeper and AVG Antispyware to protect you:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
And if you are 100% set on never wanting it to happen again, you may want to save some money to buy a paid-for antivirus. But as ceewi1 said, AVG is an excellent free antivirus. A good free firewall is ZoneAlarm. But if you don't want that, turn on Windows Firewall, but it's basically a wall made of straw.
 
Norton 360 sounds good but again it's Norton and I think I'm the only one who likes Norton here lol
 
Sorry for the slow reply... Haha, yeah, that would most likely be right.. :P Any others that you would recommend?
 