

cant get rid of virus.win32.virut.q


Name: Micko32syd
Date: October 3, 2007 at 07:16:59 Pacific
OS: Xp Professiona Edition Se
CPU/Ram: AMD 64 3700+/Geil Dual Ch
Product: Micko Special
Comment:

I'm running Optus Internet Security Suite, I believe it's made by F-Secure. Every half hour or so I get a popup saying it had found virus.win32.virut.g. I've tried deleting and disinfecting; it says it's gone, yet half an hour later it pops up again.
I've run an AVG full scan and found nothing, same with Optus, though 20 mins later there it is again. Disinfecting it, deleting it, and still no joy. And now (this is probably totally unrelated, but you never know) when I go to check my mail, it gets halfway done, then reboots my modem. It's driving me insane.
Any help would be much appreciated.


Smicko




Response Number 1
Name: jabuck
Date: October 3, 2007 at 18:10:06 Pacific
Reply:

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer; click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run Vundofix again.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: Micko32syd
Date: October 6, 2007 at 01:52:27 Pacific
Reply:


VundoFix V6.5.9

Checking Java version...

Scan started at 4:18:57 PM 6/10/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.9

Checking Java version...

Scan started at 4:26:35 PM 6/10/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Smicko



Response Number 3
Name: Micko32syd
Date: October 6, 2007 at 01:53:30 Pacific
Reply:

ComboFix 07-10-04.6 - Michael 2007-10-06 16:33:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1364 [GMT 10:00]
Running from: D:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-06 16:32 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-10-06 09:22 740,442 --a------ D:\WINDOWS\system32\divx.dll
2007-10-06 09:22 73,728 --a------ D:\WINDOWS\system32\dpl100.dll
2007-10-06 09:22 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-10-06 09:22 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2007-10-06 09:22 282,624 --a------ D:\WINDOWS\system32\xvidvfw.dll
2007-10-06 09:22 217,088 --a------ D:\WINDOWS\system32\yv12vfw.dll
2007-10-06 09:22 163,840 --a------ D:\WINDOWS\system32\unrar.dll
2007-10-06 09:22 1,559,040 --a------ D:\WINDOWS\system32\xvidcore.dll
2007-10-06 09:22 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2007-10-05 14:01 <DIR> d-------- D:\Program Files\Rockstar Games
2007-10-03 22:35 <DIR> d-------- D:\Documents and Settings\Michael\awc_MichaelDicko
2007-10-03 15:58 <DIR> d-------- D:\VundoFix Backups
2007-10-03 15:57 116,224 --a------ D:\VundoFix.exe
2007-10-02 20:12 <DIR> d-------- D:\Program Files\DVD Region+CSS Free
2007-09-30 11:18 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ulead Systems
2007-09-30 11:18 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ulead Systems
2007-09-30 11:18 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ulead Systems
2007-09-29 22:36 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ahead
2007-09-29 22:36 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ahead
2007-09-29 22:36 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ahead
2007-09-29 22:33 <DIR> d-------- D:\Program Files\Nero
2007-09-29 22:33 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-09-29 22:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2007-09-29 18:30 <DIR> d-------- D:\Program Files\iTunes
2007-09-29 18:30 <DIR> d-------- D:\Program Files\iPod
2007-09-29 15:12 <DIR> d-------- D:\Program Files\ASUS
2007-09-29 14:01 33,280 --a------ D:\WINDOWS\system32\drivers\AmdLLD.sys
2007-09-29 13:41 <DIR> d-------- D:\Documents and Settings\Michael\Contacts
2007-09-29 13:33 <DIR> d-------- D:\Program Files\MSN Messenger
2007-09-29 11:13 <DIR> d-------- D:\Program Files\vcmm
2007-09-25 17:36 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2007-09-25 17:36 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-25 17:36 103,736 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2007-09-24 21:58 0 --a------ D:\WINDOWS\PowerReg.dat
2007-09-24 21:58 <DIR> d-------- D:\Program Files\Infogrames Interactive
2007-09-24 21:30 409,600 --a------ D:\WINDOWS\system32\wrap_oal.dll
2007-09-24 21:30 114,688 --a------ D:\WINDOWS\system32\OpenAL32.dll
2007-09-24 21:30 <DIR> d-------- D:\Program Files\OpenAL
2007-09-24 21:29 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2007-09-24 21:29 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2007-09-24 21:26 <DIR> d-------- D:\Program Files\GameSpy Arcade
2007-09-24 21:26 <DIR> d-------- D:\Program Files\Codemasters
2007-09-24 21:26 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InstallShield
2007-09-24 21:26 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InstallShield
2007-09-24 21:26 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InstallShield
2007-09-24 21:17 <DIR> d-------- D:\Program Files\Activision Value
2007-09-24 21:13 <DIR> d-------- D:\Program Files\EA SPORTS
2007-09-24 16:35 <DIR> d-------- D:\Program Files\eBay
2007-09-24 16:35 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-09-23 18:56 <DIR> d-------- D:\Program Files\GameArena
2007-09-23 10:56 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-09-23 00:12 <DIR> d-------- D:\Program Files\Valve
2007-09-22 22:33 <DIR> d-------- D:\Program Files\Empire Interactive
2007-09-22 21:30 <DIR> d-------- D:\WINDOWS\system32\windows media
2007-09-22 21:04 <DIR> d-------- D:\Program Files\Ulead Systems
2007-09-22 21:04 <DIR> d-------- D:\Program Files\Common Files\Ulead Systems
2007-09-22 21:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-22 19:22 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-22 19:19 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Teleca
2007-09-22 19:19 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Teleca
2007-09-22 19:19 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Teleca
2007-09-22 19:17 <DIR> d-------- D:\Program Files\Sony Ericsson
2007-09-22 19:17 <DIR> d-------- D:\Program Files\Common Files\Teleca Shared
2007-09-22 19:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Teleca
2007-09-22 19:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-22 17:37 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-09-22 17:37 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2007-09-22 17:36 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll
2007-09-22 17:35 <DIR> d-------- D:\Program Files\MSBuild
2007-09-22 17:35 <DIR> d-------- D:\Program Files\Microsoft Works
2007-09-22 17:32 <DIR> d-------- D:\WINDOWS\SHELLNEW
2007-09-22 17:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-22 17:31 <DIR> dr-h----- D:\MSOCache
2007-09-22 17:01 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InterVideo
2007-09-22 17:01 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InterVideo
2007-09-22 17:01 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InterVideo
2007-09-22 16:57 <DIR> d-------- D:\Program Files\InterVideo Information Service
2007-09-22 16:57 <DIR> d-------- D:\Program Files\Common Files\Ulead
2007-09-22 16:56 <DIR> d-------- D:\Program Files\InterVideo
2007-09-22 16:56 <DIR> d-------- D:\Program Files\Common Files\InterVideo
2007-09-22 16:26 <DIR> d-------- D:\Program Files\DVD Region-Free
2007-09-22 09:43 4,302 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2007-09-22 09:37 <DIR> d-------- D:\Program Files\Electronic Arts
2007-09-22 09:22 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-09-22 07:44 <DIR> d-------- D:\Program Files\EA GAMES
2007-09-22 00:12 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-22 00:12 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-22 00:12 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-21 23:48 1,732,608 --a------ D:\iMEDIAN.exe
2007-09-21 23:46 45,060 --a------ D:\WINDOWS\system32\drivers\TG_iMON.sys
2007-09-21 23:46 <DIR> d-------- D:\Program Files\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SOUNDGRAPH
2007-09-21 23:40 <DIR> d-------- D:\Program Files\Azureus
2007-09-21 23:37 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Apple Computer
2007-09-21 23:37 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Apple Computer
2007-09-21 23:37 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 1ocuments and Settings\Michael\Application Data\F-Secure
2007-09-29 1ocuments and Settings\Michael\Application Data\F-Secure
2007-09-29 1ocuments and Settings\Michael\Application Data\F-Secure
2007-09-29 17:19 28400 --a------ D:\WINDOWS\system32\drivers\secdrv.sys
2007-09-24 2rogram Files\Optus Internet Security Suite
2007-09-24 20:36 51040 --a------ D:\WINDOWS\system32\drivers\fsdfw.sys
2007-09-24 20:36 30016 --a------ D:\WINDOWS\system32\drivers\fsndis5.sys
2007-09-21 22:37 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-21 22:37 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-09-21 1ocuments and Settings\All Users\Application Data\F-Secure
2007-09-21 1ocuments and Settings\All Users\Application Data\fssg
2007-09-21 1rogram Files\microsoft frontpage
2007-09-17 01:07 8491008 --a------ D:\WINDOWS\system32\nvcpl.dll
2007-09-17 01:07 81920 --a------ D:\WINDOWS\system32\nvwddi.dll
2007-09-17 01:07 81920 --a------ D:\WINDOWS\system32\nvmctray.dll
2007-09-17 01:07 753664 --a------ D:\WINDOWS\system32\nvcplui.exe
2007-09-17 01:07 6853088 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 01:07 6746112 --a------ D:\WINDOWS\system32\nvoglnt.dll
2007-09-17 01:07 6344704 --a------ D:\WINDOWS\system32\nvdisps.dll
2007-09-17 01:07 5783040 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-09-17 01:07 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07 45056 --a------ D:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 01:07 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07 425984 --a------ D:\WINDOWS\system32\keystone.exe
2007-09-17 01:07 36864 --a------ D:\WINDOWS\system32\nvcodins.dll
2007-09-17 01:07 36864 --a------ D:\WINDOWS\system32\nvcod.dll
2007-09-17 01:07 364544 --a------ D:\WINDOWS\system32\nvapi.dll
2007-09-17 01:07 3551232 --a------ D:\WINDOWS\system32\nvvitvs.dll
2007-09-17 01:07 3334144 --a------ D:\WINDOWS\system32\nvgames.dll
2007-09-17 01:07 307200 --a------ D:\WINDOWS\system32\nvexpbar.dll
2007-09-17 01:07 286720 --a------ D:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 01:07 2371584 --a------ D:\WINDOWS\system32\nvwss.dll
2007-09-17 01:07 229376 --a------ D:\WINDOWS\system32\nvmccs.dll
2007-09-17 01:07 188416 --a------ D:\WINDOWS\system32\nvmccss.dll
2007-09-17 01:07 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07 155716 --a------ D:\WINDOWS\system32\nvsvc32.exe
2007-09-17 01:07 1478656 --a------ D:\WINDOWS\system32\nview.dll
2007-09-17 01:07 147456 --a------ D:\WINDOWS\system32\nvcolor.exe
2007-09-17 01:07 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07 1150976 --a------ D:\WINDOWS\system32\nvmobls.dll
2007-09-17 01:07 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe" [2007-04-27 03:12]
"F-Secure TNB"="D:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" [2007-04-27 03:10]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 17:00 D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 D:\WINDOWS\system32\nwiz.exe]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.exe" [2006-03-18 12:24]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 D:\WINDOWS\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iMON"="D:\Program Files\SOUNDGRAPH\iMON\iMON.exe" [2007-09-21 23:48]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"eBayToolbar"="D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-24 16:35]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="d:\program files\valve\steam\steam.exe" [2007-10-05 11:54]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-21 22:36:55]

D:\Documents and Settings\Michael\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [2006-10-26 20:24:54]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-21 22:36:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
d:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 d:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 FSFW;F-Secure Firewall Driver;D:\WINDOWS\system32\drivers\fsdfw.sys
R0 viamraid;viamraid;D:\WINDOWS\system32\drivers\viamraid.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\D:\Program Files\Optus Internet Security Suite\HIPS\fshs.sys
R3 AmdLLD;AMD Low Level Device Driver;D:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;D:\WINDOWS\system32\DRIVERS\dvc325.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\minifilter\fsgk.sys
R3 SGIR;SGIR;D:\WINDOWS\system32\drivers\iMON_PAD.sys
S3 SGHIDI;SGHIDI;D:\WINDOWS\system32\drivers\TG_iMON.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSrec.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 08:29:04 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 16:36:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 16:38:04
.
--- E O F ---


Smicko



Response Number 4
Name: Micko32syd
Date: October 6, 2007 at 01:54:45 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:08 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe
D:\WINDOWS\SOUNDMAN.exe
D:\Program Files\PowerISO\PWRISOVM.exe
D:\Program Files\Logitech\SetPoint\LBTWiz.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\SOUNDGRAPH\iMON\iMON.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
D:\WINDOWS\system32\RUNDLL32.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\valve\steam\steam.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
D:\Program Files\Optus Internet Security Suite\Common\FSMA32.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.exe
D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
D:\Program Files\Optus Internet Security Suite\Common\FSMB32.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Optus Internet Security Suite\Common\FCH32.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Optus Internet Security Suite\Common\FAMEH32.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
D:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
D:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iMON] D:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [eBayToolbar] D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asus...
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Common\FSMA32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - D:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11362 bytes

Thanks Guys and Gals

Smicko



Response Number 5
Name: jabuck
Date: October 6, 2007 at 18:07:21 Pacific
Reply:

Please download "Avenger" by swandog46 to your desktop from this link: Avenger
1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
D:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Run Hijack This, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post a new Combofix log. Let us know how the computer is operating.
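As an added illustration (not code from this thread, from HijackThis, or from the Avenger tool), the script below applies the same two heuristics the helper used to pick entries for "fix checked": an O2 BHO whose path reads "(no file)" (a registered CLSID with no DLL behind it), and an O16 DPF entry that pulls an ActiveX CAB from a bare IP address instead of a hostname. It also flags O23 services with no vendor string as a lower-priority item to verify. The sample log lines are constructed from the entries quoted in this thread; the function names and the heuristics themselves are this example's own choices.

```python
import re

# Constructed sample: a few HijackThis entries modelled on the ones quoted in this
# thread (not the user's full log). Backslashes are literal in this raw string.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asus...
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# A HijackThis entry starts with a section code (R0, O2, O16, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# A URL whose host is a dotted-quad IPv4 address rather than a hostname.
IPV4_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")


def parse_entry(line):
    """Split one log line into (section, body); return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return m.group(1), m.group(2)


def triage(line):
    """Return the reasons one entry deserves a second look (empty list if none)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if section == "O2" and body.endswith("(no file)"):
        # CLSID is still registered but the DLL is gone: an orphan left behind
        # by a removal, harmless in itself but safe to clean up.
        reasons.append("orphaned BHO: CLSID registered but no DLL on disk")
    if section == "O16":
        # The last " - " separated field of a DPF entry is the download URL.
        url = body.rsplit(" - ", 1)[-1]
        if IPV4_URL_RE.match(url):
            reasons.append("ActiveX download (DPF) from a bare IP address")
    if section == "O23" and " - Unknown owner - " in body:
        # Legitimate software sometimes omits the vendor string, so this is a
        # prompt to verify the binary, not a verdict.
        reasons.append("service with no vendor string: verify the binary")
    return reasons


def triage_log(text):
    """Map each flagged entry (stripped) to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the script flags the two entries the helper chose plus the two PnkBstr-style services with no owner string; the helper did not ask for those to be fixed, which is the point of the third check being a verification prompt rather than a removal decision.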







Response Number 6
Name: Micko32syd
Date: October 7, 2007 at 02:50:49 Pacific
Reply:

OK, all done, here are the logs:
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:10 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe
D:\WINDOWS\SOUNDMAN.exe
D:\Program Files\PowerISO\PWRISOVM.exe
D:\Program Files\Logitech\SetPoint\LBTWiz.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\SOUNDGRAPH\iMON\iMON.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
D:\WINDOWS\system32\RUNDLL32.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\valve\steam\steam.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
D:\Program Files\Optus Internet Security Suite\Common\FSMA32.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.exe
D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\Program Files\Optus Internet Security Suite\Common\FSMB32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Optus Internet Security Suite\Common\FCH32.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Optus Internet Security Suite\Common\FAMEH32.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
D:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
D:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iMON] D:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [eBayToolbar] D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asus...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Optus Internet Security Suite\Common\FSMA32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - D:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11195 bytes


Smicko



Response Number 7
Name: Micko32syd
Date: October 7, 2007 at 02:54:40 Pacific
Reply:

ComboFix:
ComboFix 07-10-04.6 - Michael 2007-10-07 19:43:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1421 [GMT 10:00]
Running from: D:\Documents and Settings\Michael\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-06 16:39 <DIR> d-------- D:\Program Files\Trend Micro
2007-10-06 16:32 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-10-06 09:22 740,442 --a------ D:\WINDOWS\system32\divx.dll
2007-10-06 09:22 73,728 --a------ D:\WINDOWS\system32\dpl100.dll
2007-10-06 09:22 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-10-06 09:22 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2007-10-06 09:22 282,624 --a------ D:\WINDOWS\system32\xvidvfw.dll
2007-10-06 09:22 217,088 --a------ D:\WINDOWS\system32\yv12vfw.dll
2007-10-06 09:22 163,840 --a------ D:\WINDOWS\system32\unrar.dll
2007-10-06 09:22 1,559,040 --a------ D:\WINDOWS\system32\xvidcore.dll
2007-10-06 09:22 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2007-10-05 14:01 <DIR> d-------- D:\Program Files\Rockstar Games
2007-10-03 22:35 <DIR> d-------- D:\Documents and Settings\Michael\awc_MichaelDicko
2007-10-03 15:58 <DIR> d-------- D:\VundoFix Backups
2007-10-03 15:57 116,224 --a------ D:\VundoFix.exe
2007-10-02 20:12 <DIR> d-------- D:\Program Files\DVD Region+CSS Free
2007-09-30 11:18 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ulead Systems
2007-09-29 22:36 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Ahead
2007-09-29 22:33 <DIR> d-------- D:\Program Files\Nero
2007-09-29 22:33 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-09-29 22:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2007-09-29 18:30 <DIR> d-------- D:\Program Files\iTunes
2007-09-29 18:30 <DIR> d-------- D:\Program Files\iPod
2007-09-29 15:12 <DIR> d-------- D:\Program Files\ASUS
2007-09-29 14:01 33,280 --a------ D:\WINDOWS\system32\drivers\AmdLLD.sys
2007-09-29 13:41 <DIR> d-------- D:\Documents and Settings\Michael\Contacts
2007-09-29 13:33 <DIR> d-------- D:\Program Files\MSN Messenger
2007-09-29 11:13 <DIR> d-------- D:\Program Files\vcmm
2007-09-25 17:36 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2007-09-25 17:36 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-25 17:36 103,736 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2007-09-24 21:58 0 --a------ D:\WINDOWS\PowerReg.dat
2007-09-24 21:58 <DIR> d-------- D:\Program Files\Infogrames Interactive
2007-09-24 21:30 409,600 --a------ D:\WINDOWS\system32\wrap_oal.dll
2007-09-24 21:30 114,688 --a------ D:\WINDOWS\system32\OpenAL32.dll
2007-09-24 21:30 <DIR> d-------- D:\Program Files\OpenAL
2007-09-24 21:29 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2007-09-24 21:29 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2007-09-24 21:26 <DIR> d-------- D:\Program Files\GameSpy Arcade
2007-09-24 21:26 <DIR> d-------- D:\Program Files\Codemasters
2007-09-24 21:26 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InstallShield
2007-09-24 21:17 <DIR> d-------- D:\Program Files\Activision Value
2007-09-24 21:13 <DIR> d-------- D:\Program Files\EA SPORTS
2007-09-24 16:35 <DIR> d-------- D:\Program Files\eBay
2007-09-24 16:35 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-09-23 18:56 <DIR> d-------- D:\Program Files\GameArena
2007-09-23 10:56 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-09-23 00:12 <DIR> d-------- D:\Program Files\Valve
2007-09-22 22:33 <DIR> d-------- D:\Program Files\Empire Interactive
2007-09-22 21:30 <DIR> d-------- D:\WINDOWS\system32\windows media
2007-09-22 21:04 <DIR> d-------- D:\Program Files\Ulead Systems
2007-09-22 21:04 <DIR> d-------- D:\Program Files\Common Files\Ulead Systems
2007-09-22 21:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-09-22 19:22 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-22 19:19 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Teleca
2007-09-22 19:17 <DIR> d-------- D:\Program Files\Sony Ericsson
2007-09-22 19:17 <DIR> d-------- D:\Program Files\Common Files\Teleca Shared
2007-09-22 19:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Teleca
2007-09-22 19:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-22 17:37 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-09-22 17:37 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2007-09-22 17:36 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll
2007-09-22 17:35 <DIR> d-------- D:\Program Files\MSBuild
2007-09-22 17:35 <DIR> d-------- D:\Program Files\Microsoft Works
2007-09-22 17:32 <DIR> d-------- D:\WINDOWS\SHELLNEW
2007-09-22 17:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-22 17:31 <DIR> dr-h----- D:\MSOCache
2007-09-22 17:01 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\InterVideo
2007-09-22 16:57 <DIR> d-------- D:\Program Files\InterVideo Information Service
2007-09-22 16:57 <DIR> d-------- D:\Program Files\Common Files\Ulead
2007-09-22 16:56 <DIR> d-------- D:\Program Files\InterVideo
2007-09-22 16:56 <DIR> d-------- D:\Program Files\Common Files\InterVideo
2007-09-22 16:26 <DIR> d-------- D:\Program Files\DVD Region-Free
2007-09-22 09:43 4,302 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2007-09-22 09:37 <DIR> d-------- D:\Program Files\Electronic Arts
2007-09-22 09:22 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-09-22 07:44 <DIR> d-------- D:\Program Files\EA GAMES
2007-09-22 00:12 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-21 23:48 1,732,608 --a------ D:\iMEDIAN.exe
2007-09-21 23:46 45,060 --a------ D:\WINDOWS\system32\drivers\TG_iMON.sys
2007-09-21 23:46 <DIR> d-------- D:\Program Files\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\SOUNDGRAPH
2007-09-21 23:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SOUNDGRAPH
2007-09-21 23:40 <DIR> d-------- D:\Program Files\Azureus
2007-09-21 23:37 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Apple Computer
2007-09-21 23:36 <DIR> d-------- D:\Program Files\QuickTime
2007-09-21 23:36 <DIR> d-------- D:\Program Files\Common Files\Apple
2007-09-21 23:36 <DIR> d-------- D:\Program Files\Apple Software Update
2007-09-21 23:36 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-21 23:36 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2007-09-21 22:47 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Azureus
2007-09-21 22:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Azureus
2007-09-21 22:46 <DIR> d-------- D:\Program Files\NVIDIA Corporation
2007-09-21 22:42 53,760 --a--c--- D:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-21 22:42 53,760 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2007-09-21 22:42 17,024 --a--c--- D:\WINDOWS\system32\dllcache\ccdecode.sys
2007-09-21 22:42 17,024 --a------ D:\WINDOWS\system32\drivers\CCDECODE.sys
2007-09-21 22:40 <DIR> d-------- D:\Documents and Settings\Michael\Bluetooth Software
2007-09-21 22:39 <DIR> d-------- D:\Documents and Settings\Michael\Application Data\Logitech
2007-09-21 22:37 34,576 --a------ D:\WINDOWS\system32\drivers\LHidFilt.Sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 1ocuments and Settings\Michael\Application Data\F-Secure
2007-09-29 17:19 28400 --a------ D:\WINDOWS\system32\drivers\secdrv.sys
2007-09-24 2rogram Files\Optus Internet Security Suite
2007-09-24 20:36 51040 --a------ D:\WINDOWS\system32\drivers\fsdfw.sys
2007-09-24 20:36 30016 --a------ D:\WINDOWS\system32\drivers\fsndis5.sys
2007-09-21 1ocuments and Settings\All Users\Application Data\F-Secure
2007-09-21 1ocuments and Settings\All Users\Application Data\fssg
2007-09-21 1rogram Files\microsoft frontpage
2007-09-17 01:07 8491008 --a------ D:\WINDOWS\system32\nvcpl.dll
2007-09-17 01:07 81920 --a------ D:\WINDOWS\system32\nvwddi.dll
2007-09-17 01:07 81920 --a------ D:\WINDOWS\system32\nvmctray.dll
2007-09-17 01:07 753664 --a------ D:\WINDOWS\system32\nvcplui.exe
2007-09-17 01:07 6853088 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 01:07 6746112 --a------ D:\WINDOWS\system32\nvoglnt.dll
2007-09-17 01:07 6344704 --a------ D:\WINDOWS\system32\nvdisps.dll
2007-09-17 01:07 5783040 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-09-17 01:07 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07 45056 --a------ D:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 01:07 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07 425984 --a------ D:\WINDOWS\system32\keystone.exe
2007-09-17 01:07 36864 --a------ D:\WINDOWS\system32\nvcodins.dll
2007-09-17 01:07 36864 --a------ D:\WINDOWS\system32\nvcod.dll
2007-09-17 01:07 364544 --a------ D:\WINDOWS\system32\nvapi.dll
2007-09-17 01:07 3551232 --a------ D:\WINDOWS\system32\nvvitvs.dll
2007-09-17 01:07 3334144 --a------ D:\WINDOWS\system32\nvgames.dll
2007-09-17 01:07 307200 --a------ D:\WINDOWS\system32\nvexpbar.dll
2007-09-17 01:07 286720 --a------ D:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 01:07 2371584 --a------ D:\WINDOWS\system32\nvwss.dll
2007-09-17 01:07 229376 --a------ D:\WINDOWS\system32\nvmccs.dll
2007-09-17 01:07 188416 --a------ D:\WINDOWS\system32\nvmccss.dll
2007-09-17 01:07 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07 155716 --a------ D:\WINDOWS\system32\nvsvc32.exe
2007-09-17 01:07 1478656 --a------ D:\WINDOWS\system32\nview.dll
2007-09-17 01:07 147456 --a------ D:\WINDOWS\system32\nvcolor.exe
2007-09-17 01:07 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07 1150976 --a------ D:\WINDOWS\system32\nvmobls.dll
2007-09-17 01:07 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-06_16.37.12.25 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-10-07 09:41:38 D:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat
----atw 16,384 2007-10-07 09:41:21 D:\WINDOWS\Temp\Perflib_Perfdata_780.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\Program Files\Optus Internet Security Suite\Common\FSM32.exe" [2007-04-27 03:12]
"F-Secure TNB"="D:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" [2007-04-27 03:10]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 17:00 D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 D:\WINDOWS\system32\nwiz.exe]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.exe" [2006-03-18 12:24]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 D:\WINDOWS\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iMON"="D:\Program Files\SOUNDGRAPH\iMON\iMON.exe" [2007-09-21 23:48]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"eBayToolbar"="D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-24 16:35]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="d:\program files\valve\steam\steam.exe" [2007-10-05 11:54]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-21 22:36:55]

D:\Documents and Settings\Michael\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [2006-10-26 20:24:54]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-21 22:36:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
d:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 d:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 FSFW;F-Secure Firewall Driver;D:\WINDOWS\system32\drivers\fsdfw.sys
R0 viamraid;viamraid;D:\WINDOWS\system32\drivers\viamraid.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\D:\Program Files\Optus Internet Security Suite\HIPS\fshs.sys
R3 AmdLLD;AMD Low Level Device Driver;D:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;D:\WINDOWS\system32\DRIVERS\dvc325.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\minifilter\fsgk.sys
R3 SGIR;SGIR;D:\WINDOWS\system32\drivers\iMON_PAD.sys
S3 SGHIDI;SGHIDI;D:\WINDOWS\system32\drivers\TG_iMON.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSrec.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 08:29:03 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 19:46:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 19:47:49
.
--- E O F ---

And thanks again for all your help guys, I'll let you know how she goes, you deserve a raise, and a bj from my missus :-)

Smicko



Response Number 8
Name: jabuck
Date: October 7, 2007 at 07:12:01 Pacific
Reply:

Your log is clean. Glad we could help.


