
Please help. Lots of problems, the first one being pop-ups and Virtumonde

Discussion in 'Virus & Other Malware Removal' started by tshirt2k, Apr 18, 2008.

Thread Status:
Not open for further replies.
  1. tshirt2k

    tshirt2k Thread Starter

    Joined:
    Dec 14, 2006
    Messages:
    10
    Hi, I have recently upgraded my PC and done a fresh Windows install, and I keep getting pop-ups; when running Ad-Aware it finds nothing. Search & Destroy finds and fixes Virtumonde, but it keeps coming back. I have run VundoFix, which turns up nothing also. I have also been getting some RunDLL errors, along with blue screens and freezing; it is making me mad. So if I can cure this, maybe I can find some info on the net for some other cures.

    thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 16:47:33, on 18/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Russ\Desktop\pc cleaners\hijackthis\alternativ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8155F866-D7A1-46AA-B07F-B2B8F2A1AF64} - D:\WINDOWS\system32\vturpomk.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: {e15cda44-8c11-7beb-43c4-90f4d57d866e} - {e668d75d-4f09-4c34-beb7-11c844adc51e} - D:\WINDOWS\system32\dnskibib.dll (file missing)
    O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - D:\WINDOWS\system32\opnklihf.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MyPrivacy] "D:\Program Files\Omniquad MyPrivacy\MyPrivacy\MyPrivacyNT.exe"
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [7801e6f8] rundll32.exe "D:\WINDOWS\system32\aeddcruf.dll",b
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3958] command /c del "D:\WINDOWS\system32\aeddcruf.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4378] cmd /c del "D:\WINDOWS\system32\aeddcruf.dll_old"
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [SpybotDeletingB441] command /c del "D:\WINDOWS\system32\aeddcruf.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3807] cmd /c del "D:\WINDOWS\system32\aeddcruf.dll_old"
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208207830176
    O20 - Winlogon Notify: opnklihf - D:\WINDOWS\SYSTEM32\opnklihf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Omniquad MyPrivacy - Unknown owner - D:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
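The HijackThis log above shows the pattern analysts associate with Virtumonde/Vundo infections: BHO entries (O2) registered with no display name or with a GUID as the name, pointing at DLLs in system32 whose basenames are eight random lowercase letters; a Run value (O4) named with eight hex digits that loads such a DLL through rundll32; and a Winlogon Notify entry (O20) that loads one of the same DLLs into winlogon.exe at logon. The following is an added triage script, not part of the thread and not code from HijackThis or any of the tools mentioned. It parses those three line types, scores each system32 DLL on independent indicators, and correlates DLLs that appear in more than one autostart location. The sample log is a constructed subset of the lines posted above, and the heuristics (8-letter name, missing display name, hex Run value name, multi-location registration) are this example's own assumptions; legitimate 8-letter system32 DLLs exist, which is why a DLL needs at least two indicators before it is reported.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines posted in this thread,
# limited to the section types the heuristics below examine.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8155F866-D7A1-46AA-B07F-B2B8F2A1AF64} - D:\WINDOWS\system32\vturpomk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: {e15cda44-8c11-7beb-43c4-90f4d57d866e} - {e668d75d-4f09-4c34-beb7-11c844adc51e} - D:\WINDOWS\system32\dnskibib.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - D:\WINDOWS\system32\opnklihf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7801e6f8] rundll32.exe "D:\WINDOWS\system32\aeddcruf.dll",b
O20 - Winlogon Notify: opnklihf - D:\WINDOWS\SYSTEM32\opnklihf.dll
"""

# Line grammars for the three HijackThis sections used here (assumed formats,
# derived from the lines in the posted log).
GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID
                    + r") - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# Heuristic: a DLL directly under system32 whose basename is exactly 8 letters.
# The \b keeps backups such as "x.dll_old" from matching.
SYS32_DLL = re.compile(r"\\system32\\(?P<base>[a-z]{8})\.dll\b", re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")


def triage(log_text):
    """Return {dll_basename: [indicator, ...]} for every autostart entry worth a look."""
    reasons = defaultdict(list)
    sections = defaultdict(set)  # dll basename -> HijackThis sections it appears in
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            dll = SYS32_DLL.search(m["path"])
            if not dll:
                continue
            base = dll["base"].lower()
            sections[base].add("O2")
            reasons[base].append("BHO DLL in system32 with a random-looking 8-letter name")
            if m["name"] == "(no name)" or re.fullmatch(GUID, m["name"]):
                reasons[base].append("BHO registered without a display name")
            if m["missing"]:
                reasons[base].append("BHO file missing: orphaned CLSID registration")
            continue
        m = RUN_RE.match(line)
        if m:
            dll = SYS32_DLL.search(m["cmd"])
            if not dll or "rundll32" not in m["cmd"].lower():
                continue
            base = dll["base"].lower()
            sections[base].add("O4")
            reasons[base].append("Run value loads a random-looking system32 DLL via rundll32")
            if HEX_NAME.match(m["name"]):
                reasons[base].append("Run value name is 8 hex digits rather than a product name")
            continue
        m = NOTIFY_RE.match(line)
        if m:
            dll = SYS32_DLL.search(m["path"])
            if not dll:
                continue
            base = dll["base"].lower()
            sections[base].add("O20")
            reasons[base].append("Winlogon Notify DLL (loaded into winlogon.exe) with a random-looking name")
    # Correlation: the same DLL registered in several autostart locations.
    for base, secs in sections.items():
        if len(secs) > 1:
            reasons[base].append("same DLL registered in several autostart locations: "
                                 + ", ".join(sorted(secs)))
    return dict(reasons)


def suspicious(log_text, min_reasons=2):
    """Basenames carrying at least `min_reasons` independent indicators, sorted."""
    return sorted(b for b, r in triage(log_text).items() if len(r) >= min_reasons)


if __name__ == "__main__":
    for base, why in triage(SAMPLE_LOG).items():
        print(f"{base}.dll")
        for r in why:
            print("   -", r)
    print("suspicious:", suspicious(SAMPLE_LOG))
```

On the sample, NvCpl.dll and the Adobe and Google BHOs produce no findings, while opnklihf.dll collects the most indicators because it is registered both as a BHO and as a Winlogon Notify DLL, which is also why ComboFix later reports it loaded inside winlogon.exe. The output is a prioritised list for a human to check, not a verdict; a single indicator on its own (for example an 8-letter name) is deliberately not enough to report.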
     
  2. tshirt2k

    tshirt2k Thread Starter

    Joined:
    Dec 14, 2006
    Messages:
    10
    ComboFix 08-04-17.1 - Russ 2008-04-19 13:19:27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1625 [GMT 1:00]
    Running from: D:\Documents and Settings\Russ\Desktop\pc cleaners\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\cookies.ini
    D:\WINDOWS\pskt.ini
    D:\WINDOWS\system32\ashjjgmm.ini
    D:\WINDOWS\system32\ileouhju.dll
    D:\WINDOWS\system32\kmoprutv.ini
    D:\WINDOWS\system32\kmoprutv.ini2
    D:\WINDOWS\system32\mcrh.tmp
    D:\WINDOWS\system32\mmgjjhsa.dll
    D:\WINDOWS\system32\rjgaceej.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
    .

    2008-04-19 11:03 . 2008-04-19 11:03 109,738 --a------ D:\WINDOWS\BM47382752.xml
    2008-04-19 10:32 . 2008-03-01 14:06 6,066,176 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-19 10:32 . 2007-04-17 10:32 2,455,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-19 10:32 . 2007-03-08 06:10 991,232 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-19 10:32 . 2008-03-01 14:06 459,264 -----c--- D:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-19 10:32 . 2008-03-01 14:06 383,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-19 10:32 . 2008-03-01 14:06 267,776 -----c--- D:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-19 10:32 . 2008-03-01 14:06 63,488 -----c--- D:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-19 10:32 . 2008-03-01 14:06 52,224 -----c--- D:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-19 10:32 . 2008-02-22 11:00 13,824 -----c--- D:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-18 14:36 . 2008-04-18 14:36 <DIR> d-------- D:\Program Files\Acoustica MP3 Audio Mixer
    2008-04-18 09:48 . 2008-04-18 09:48 <DIR> d-------- D:\spoolerlogs
    2008-04-18 09:00 . 2004-08-04 00:56 1,888,992 --a--c--- D:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-04-18 08:59 . 2001-08-17 13:28 762,780 --a--c--- D:\WINDOWS\system32\dllcache\3cwmcru.sys
    2008-04-18 08:09 . 2008-04-18 08:09 <DIR> d-------- D:\Program Files\Panda Security
    2008-04-18 08:05 . 2008-04-18 08:05 92,736 --------- D:\WINDOWS\system32\dnskibib.dll_old
    2008-04-18 08:03 . 2008-04-18 15:59 894 ---hs---- D:\WINDOWS\system32\furcddea.ini
    2008-04-17 08:39 . 2008-04-17 08:39 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
    2008-04-17 08:14 . 2008-04-17 08:16 <DIR> d-------- D:\WINDOWS\NV35923596.TMP
    2008-04-17 08:14 . 2007-12-10 14:24 159,458 --a------ D:\WINDOWS\system32\nvapps.nvb
    2008-04-17 08:08 . 2008-04-17 08:08 <DIR> d-------- D:\NVIDIA
    2008-04-17 07:53 . 2008-04-17 08:52 1,524,190 ---hs---- D:\WINDOWS\system32\lmrjsdmk.ini
    2008-04-16 12:51 . 2008-04-16 12:51 <DIR> d-------- D:\Program Files\Support Tools
    2008-04-16 11:54 . 2008-04-19 10:59 <DIR> d-------- D:\Documents and Settings\olivia\Application Data\MyPrivacy
    2008-04-16 11:53 . 2008-04-19 11:01 <DIR> d-------- D:\Documents and Settings\olivia
    2008-04-16 11:53 . 2008-04-19 13:22 1,024 --ah----- D:\Documents and Settings\olivia\ntuser.dat.LOG
    2008-04-16 10:36 . 2008-04-16 10:36 <DIR> d-------- D:\Program Files\Marsu-Fix
    2008-04-16 10:36 . 2008-04-16 10:36 159,839 --a------ D:\WINDOWS\Marsu-Fix Uninstaller.exe
    2008-04-16 10:36 . 2008-03-03 14:25 5,702 --ah----- D:\WINDOWS\nod32restoretemdono.reg
    2008-04-16 10:36 . 2008-03-03 18:21 568 --ah----- D:\WINDOWS\nod32fixtemdono.reg
    2008-04-16 10:33 . 2008-04-16 10:33 <DIR> d-------- D:\Program Files\ESET
    2008-04-16 10:33 . 2008-04-16 10:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
    2008-04-16 10:31 . 2008-04-16 10:31 <DIR> d-------- D:\Program Files\Lavasoft
    2008-04-16 10:31 . 2008-04-16 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 10:01 . 2008-04-16 10:01 392,218 --a------ D:\WINDOWS\system32\vturpomk.dll
    2008-04-16 09:37 . 2008-04-16 09:51 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
    2008-04-16 09:23 . 2008-04-17 09:25 <DIR> d-------- D:\VundoFix Backups
    2008-04-16 09:06 . 2008-04-18 16:30 727 --a------ D:\WINDOWS\wininit.ini
    2008-04-16 08:30 . 2008-04-16 09:26 <DIR> d-------- D:\fixwareout
    2008-04-16 08:23 . 2008-04-16 09:38 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-16 08:19 . 2008-04-16 08:25 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\Lavasoft
    2008-04-16 00:14 . 2008-04-16 08:29 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
    2008-04-15 23:49 . 2008-04-15 23:49 <DIR> d-------- D:\!KillBox
    2008-04-15 23:48 . 2008-04-15 23:48 <DIR> d-------- D:\Program Files\EPSON Print CD
    2008-04-15 23:46 . 2008-04-15 23:48 <DIR> d-------- D:\Program Files\EPSON
    2008-04-15 23:46 . 2004-11-25 06:07 79,679 --a------ D:\WINDOWS\system32\E_FLMAIE.DLL
    2008-04-15 23:46 . 2003-05-21 03:27 64,000 --a------ D:\WINDOWS\system32\E_FBCBAIE.DLL
    2008-04-15 23:46 . 2004-09-10 21:12 49,152 --a------ D:\WINDOWS\system32\E_DCINST.DLL
    2008-04-15 23:46 . 2000-06-07 02:01 34,304 --a------ D:\WINDOWS\system32\E_FBCHAIE.DLL
    2008-04-15 23:46 . 2008-04-15 23:46 25 --a------ D:\WINDOWS\CDER220.ini
    2008-04-15 23:43 . 2001-05-17 14:25 339,968 -ra------ D:\WINDOWS\system32\N067UFW.dll
    2008-04-15 23:43 . 2001-05-16 17:21 323,644 -ra------ D:\WINDOWS\system32\UCS32P.DLL
    2008-04-15 23:43 . 2001-05-16 17:21 126,976 -ra------ D:\WINDOWS\system32\SG62UUD.DLL
    2008-04-15 23:43 . 2001-05-16 17:21 28,720 -ra------ D:\WINDOWS\system32\SG62CPL.DLL
    2008-04-15 23:43 . 2004-08-03 22:58 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-15 23:43 . 2004-08-03 22:58 15,104 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-15 23:42 . 2008-04-16 08:07 1,602,962 --ahs---- D:\WINDOWS\system32\ocvilhgg.ini
    2008-04-15 23:41 . 2008-04-15 23:41 396,267 --a------ D:\WINDOWS\system32\fccaayax.dll_old
    2008-04-15 00:05 . 2008-04-15 00:05 <DIR> d-------- D:\WINDOWS\system32\bharebio01
    2008-04-15 00:05 . 2008-04-15 00:05 34,099 --a------ D:\WINDOWS\system32\opnklihf.dll
    2008-04-15 00:01 . 2008-04-15 00:01 <DIR> d-------- D:\Program Files\PowerQuest
    2008-04-14 23:53 . 2008-04-15 00:10 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\BitTorrent
    2008-04-14 23:34 . 2008-04-14 23:34 <DIR> d-------- D:\Program Files\Common Files\Adobe
    2008-04-14 23:34 . 2008-04-14 23:34 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\AdobeUM
    2008-04-14 23:26 . 2008-04-14 23:26 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\Ahead
    2008-04-14 23:25 . 2008-04-14 23:25 <DIR> d-------- D:\Program Files\Nero
    2008-04-14 23:25 . 2008-04-14 23:26 <DIR> d-------- D:\Program Files\Common Files\Ahead
    2008-04-14 23:25 . 2008-04-14 23:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
    2008-04-14 23:24 . 2008-04-14 23:24 <DIR> d-------- D:\Program Files\DNA
    2008-04-14 23:24 . 2008-04-14 23:24 <DIR> d-------- D:\Program Files\BitTorrent_DNA
    2008-04-14 23:24 . 2008-04-14 23:24 <DIR> d-------- D:\Program Files\BitTorrent
    2008-04-14 23:24 . 2008-04-19 13:20 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\DNA
    2008-04-14 23:24 . 2008-04-14 23:24 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\BitTorrent DNA
    2008-04-14 23:17 . 2008-04-19 13:14 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\MyPrivacy
    2008-04-14 23:17 . 2008-04-14 23:17 37 --a------ D:\WINDOWS\mrddll.dat
    2008-04-14 23:16 . 2008-04-14 23:16 <DIR> d-------- D:\Program Files\Omniquad MyPrivacy
    2008-04-14 23:16 . 2008-04-14 23:16 737,280 --a------ D:\WINDOWS\iun6002.exe
    2008-04-14 23:06 . 2008-04-14 23:06 0 --a------ D:\WINDOWS\msicpl.ini
    2008-04-14 22:59 . 2008-04-14 22:59 <DIR> d-------- D:\Program Files\Shareaza
    2008-04-14 22:59 . 2008-04-14 22:59 <DIR> d-------- D:\Documents and Settings\Russ\Application Data\Shareaza
    2008-04-14 22:39 . 2008-04-14 22:39 <DIR> d-------- D:\Program Files\Google
    2008-04-14 22:39 . 2008-04-19 10:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-14 22:35 . 2008-04-19 11:05 <DIR> d--h----- D:\WINDOWS\$hf_mig$
    2008-04-14 22:26 . 2008-04-14 22:26 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
    2008-04-14 22:25 . 2008-04-14 22:25 <DIR> d-------- D:\Program Files\Sygate
    2008-04-14 22:25 . 2004-08-10 17:05 83,096 --a------ D:\WINDOWS\system32\SSSensor.dll
    2008-04-14 22:25 . 2004-08-10 16:51 59,984 --a------ D:\WINDOWS\system32\drivers\Teefer.sys
    2008-04-14 22:25 . 2004-08-10 16:53 21,075 --a------ D:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-04-14 22:25 . 2004-08-10 17:05 14,240 --a------ D:\WINDOWS\system32\drivers\wg6n.sys
    2008-04-14 22:25 . 2004-08-10 17:05 14,240 --a------ D:\WINDOWS\system32\drivers\wg5n.sys
    2008-04-14 22:25 . 2004-08-10 17:05 14,240 --a------ D:\WINDOWS\system32\drivers\wg4n.sys
    2008-04-14 22:25 . 2004-08-10 17:05 14,240 --a------ D:\WINDOWS\system32\drivers\wg3n.sys
    2008-04-14 22:18 . 2007-07-30 19:19 43,352 --a------ D:\WINDOWS\system32\wups2.dll
    2008-04-14 22:18 . 2007-07-30 19:18 34,136 --a------ D:\WINDOWS\system32\wucltui.dll.mui
    2008-04-14 22:18 . 2007-07-30 19:19 25,944 --a------ D:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-14 22:18 . 2007-07-30 19:19 25,944 --a------ D:\WINDOWS\system32\wuapi.dll.mui
    2008-04-14 22:18 . 2007-07-30 19:18 20,312 --a------ D:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-14 22:16 . 2008-04-14 22:16 <DIR> d--hs---- D:\Documents and Settings\Russ\UserData
    2008-04-14 22:11 . 2008-04-14 21:36 <DIR> dr------- D:\Documents and Settings\All Users\Documents
    2008-04-14 22:11 . 2007-05-27 04:17 676,224 --a------ D:\WINDOWS\system32\OGACheckControl.dll
    2008-04-14 22:10 . 2004-08-04 02:57 1,086,058 -ra------ D:\WINDOWS\SET20.tmp
    2008-04-14 22:10 . 2004-08-04 03:03 1,042,903 -ra------ D:\WINDOWS\SET1D.tmp
    2008-04-14 22:10 . 2004-08-04 02:58 13,753 -ra------ D:\WINDOWS\SET2C.tmp
    2008-04-14 22:09 . 2008-04-14 21:37 <DIR> d--h----- D:\Documents and Settings\Default User
    2008-04-14 22:09 . 2008-04-14 21:36 <DIR> d-------- D:\Documents and Settings\All Users
    2008-04-14 22:08 . 2008-04-19 13:20 <DIR> d-------- D:\Documents and Settings\Russ
    2008-04-14 22:08 . 2008-04-19 13:23 36,864 --ah----- D:\Documents and Settings\Russ\ntuser.dat.LOG
    2008-04-14 22:06 . 2008-04-17 08:07 <DIR> d-------- D:\My Download Files
    2008-04-14 22:04 . 2008-04-14 22:04 <DIR> d-------- D:\WINDOWS\Cache
    2008-04-14 22:01 . 2008-04-17 08:16 <DIR> d-------- D:\WINDOWS\nview
    2008-04-14 22:01 . 2007-12-05 01:41 356,352 --a------ D:\WINDOWS\system32\nvudisp.exe
    2008-04-14 22:01 . 2008-04-17 08:16 161,934 --a------ D:\WINDOWS\system32\nvapps.xml
    2008-04-14 22:01 . 2007-12-05 01:41 17,737 --a------ D:\WINDOWS\system32\nvdisp.nvu
    2008-04-14 22:01 . 2007-06-28 17:43 17,254 --a------ D:\WINDOWS\system32\nvwsapps.xml
    2008-03-28 15:50 . 2008-03-28 16:24 288 --a------ D:\WINDOWS\packegtag.reg

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 22:48 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-04-14 20:58 --------- d-----w D:\Program Files\ASUS
    2008-04-14 20:56 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
    2008-04-14 20:56 --------- d-----w D:\Program Files\Common Files\InstallShield
    2008-04-14 20:56 --------- d-----w D:\Program Files\ASUS WiFi-AP Solo
    2008-04-14 20:54 --------- d-----w D:\Program Files\Marvell
    2008-04-14 20:48 --------- d-----w D:\Program Files\Analog Devices
    2008-04-14 20:41 --------- d-----w D:\Program Files\Intel
    2008-04-14 20:08 --------- d-----w D:\Program Files\microsoft frontpage
    2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
    2008-03-13 15:52 33,800 ----a-w D:\WINDOWS\system32\drivers\epfwtdir.sys
    2008-03-13 15:44 29,704 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys
    2008-03-13 15:43 40,456 ----a-w D:\WINDOWS\system32\drivers\eamon.sys
    2008-03-01 13:06 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w D:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w D:\WINDOWS\system32\dnsrslvr.dll
    2006-06-23 06:48 32,768 ----a-r D:\WINDOWS\inf\UpdateUSB.exe
    .
    Code:
    <pre>
    ----a-w            93,696 2004-09-29 19:44:52  D:\Documents and Settings\Russ\My Documents\radio\Becker\Becker4digit .exe
    ----a-w           185,856 2004-09-29 19:44:54  D:\Documents and Settings\Russ\My Documents\radio\Blaupunkt\Blaupunkt Peugeot T1 Code Viewer .exe
    ----a-w            32,768 2004-09-29 19:44:54  D:\Documents and Settings\Russ\My Documents\radio\Ford\FordLC .exe
    </pre>

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58DCF18C-E676-4B01-A97F-0FD2093B6593}]
    2008-04-16 10:01 392218 --a------ D:\WINDOWS\system32\vturpomk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
    2008-04-15 00:05 34099 --a------ D:\WINDOWS\system32\opnklihf.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "BitTorrent DNA"="D:\Program Files\DNA\btdna.exe" [2008-04-14 23:24 288576]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]
    "SmcService"="D:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
    "MyPrivacy"="D:\Program Files\Omniquad MyPrivacy\MyPrivacy\MyPrivacyNT.exe" [2004-03-31 07:02 602112]
    "egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [ ]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ASUS WiFi-AP Solo.lnk - D:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2008-04-14 21:56:13 987136]
    Google Updater.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-14 22:39:20 124400]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= D:\WINDOWS\system32\opnklihf.dll [2008-04-15 00:05 34099]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklihf]
    opnklihf.dll 2008-04-15 00:05 34099 D:\WINDOWS\system32\opnklihf.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Shareaza\\Shareaza.exe"=
    "D:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "D:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "D:\\Program Files\\DNA\\btdna.exe"=
    "D:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 08:30]
    R3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-19 13:22:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: D:\WINDOWS\system32\winlogon.exe
    -> D:\WINDOWS\system32\opnklihf.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Program Files\Sygate\SPF\Smc.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Omniquad MyPrivacy\MyPrivacy\mpsvc.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\cscript.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-19 13:24:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-19 12:23:58
    ComboFix2.txt 2008-04-16 10:19:06

    Pre-Run: 490,255,511,552 bytes free
    Post-Run: 490,241,212,416 bytes free
    .
    2008-04-19 10:05:53 --- E O F ---
     
Short URL to this thread: https://techguy.org/704932