Odd message

Name: Nitto414
Date: January 5, 2008 at 11:36:23 Pacific
OS: XP
CPU/Ram: AMD 64 3700+, 2 gigs
Comment:

When I click on my computer and go through my files, I get this message nearly every time I open a folder.

http://img.photobucket.com/albums/v...

I have scanned with Spybot S&D, Adware 2007, and AVG anti virus. I still get the message after the scan.

Thanks in advance




Response Number 1
Name: jabuck
Date: January 5, 2008 at 12:33:07 Pacific
Reply:

Looks like a rogue anti spyware program but could be a trojan.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


0

Response Number 2
Name: Nitto414
Date: January 5, 2008 at 14:32:32 Pacific
Reply:

Alrighty, here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:39 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\CTHELPER.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jelly-server.com/nuke/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Rates - {F325C9B7-4876-4665-895B-674D657645C2} - C:\WINDOWS\toprates.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4951 bytes


0

Response Number 3
Name: jabuck
Date: January 5, 2008 at 14:59:38 Pacific
Reply:

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: Rates - {F325C9B7-4876-4665-895B-674D657645C2} - C:\WINDOWS\toprates.dll

Exit Hijack This.

Navigate to and delete this file if found:

C:\WINDOWS\toprates.dll

Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


0
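A small triage pass over the HijackThis log format posted in this thread, as an added example that is not part of the original posts or of HijackThis itself. The sample lines are excerpted from the log above; the two flagging rules (a BHO DLL outside Program Files, a service marked "(file missing)") are assumptions chosen for illustration and only mark entries for a closer look.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Rates - {F325C9B7-4876-4665-895B-674D657645C2} - C:\WINDOWS\toprates.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Fields are separated by " - ", but names and paths can contain " - " too
# ("C:\Program Files\Spybot - Search & Destroy\..."), so a plain split breaks.
# The CLSID is used as the anchor between name and path instead.
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption for this example: vendor BHOs normally live under Program Files
# (long name or its usual 8.3 short name).
EXPECTED_BHO_ROOTS = ("c:\\program files\\", "c:\\progra~1\\")


class Finding(NamedTuple):
    section: str
    name: str
    path: str
    reason: str


def parse_bho(line: str) -> Optional[dict]:
    """Split one O2 line into name, CLSID and DLL path; None if not an O2 line."""
    m = O2_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text: str) -> list:
    """Return entries worth a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = parse_bho(line)
        if bho:
            # ntpath handles Windows paths regardless of the host OS.
            if not ntpath.normcase(bho["path"]).startswith(EXPECTED_BHO_ROOTS):
                findings.append(Finding("O2", bho["name"], bho["path"],
                                        "BHO DLL outside Program Files"))
            continue
        svc = O23_RE.match(line)
        if svc and svc["missing"]:
            findings.append(Finding("O23", svc["name"], svc["path"],
                                    "service binary missing on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.name} -> {f.path} ({f.reason})")
```
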

Response Number 4
Name: Nitto414
Date: January 5, 2008 at 15:32:04 Pacific
Reply:

ComboFix 08-01-06.4 - Owner 2008-01-05 18:29:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1566 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 18:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 14:21 . 2008-01-05 14:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-05 14:06 . 2008-01-05 14:06 <DIR> d-------- C:\Program Files\FDRLab
2008-01-05 14:06 . 2008-01-05 14:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FDRLab
2008-01-05 14:01 . 2008-01-05 17:22 <DIR> d-------- C:\Program Files\Poseidon - Live RTV Player
2008-01-05 13:09 . 2008-01-05 17:23 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-05 12:50 . 2008-01-05 17:22 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-05 12:34 . 2008-01-05 17:42 20,480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-01-05 00:27 . 2008-01-05 00:30 47 --a------ C:\tmp.bat
2007-12-28 12:38 . 2008-01-05 15:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-27 22:23 . 2007-12-27 22:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2007-12-27 22:22 . 2007-12-27 22:22 <DIR> d-------- C:\Program Files\Logitech
2007-12-27 22:22 . 2007-12-27 22:22 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-12-27 00:19 . 2007-12-27 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-27 00:18 . 2007-12-27 00:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-27 00:18 . 2007-12-27 00:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-26 23:06 . 2007-12-26 23:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-12-26 22:47 . 2007-12-26 22:47 <DIR> d-------- C:\Program Files\Ubisoft
2007-12-26 22:42 . 2000-05-22 16:58 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-26 22:41 . 2007-12-26 22:44 <DIR> d-------- C:\Program Files\MP3Gain
2007-12-26 22:40 . 2008-01-04 23:36 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2007-12-26 22:40 . 2008-01-05 00:49 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2007-12-26 22:39 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-26 22:36 . 2007-12-26 22:36 <DIR> d-------- C:\WINDOWS\Cache
2007-12-26 19:22 . 2007-12-26 19:22 <DIR> d-------- C:\WINDOWS\Sun
2007-12-26 16:08 . 2007-12-26 16:08 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-26 16:06 . 2007-12-26 16:06 <DIR> d-------- C:\Program Files\Azureus
2007-12-26 16:03 . 2007-12-26 16:08 <DIR> d-------- C:\Program Files\Java
2007-12-26 16:03 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-26 16:02 . 2007-12-26 16:03 <DIR> d-------- C:\Program Files\LimeWire
2007-12-26 16:02 . 2007-12-26 16:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-26 16:01 . 2008-01-05 00:49 <DIR> d-------- C:\Documents and Settings\Owner\.limewire
2007-12-26 15:48 . 2008-01-05 17:22 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
2007-12-26 15:48 . 2008-01-05 17:22 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
2007-12-26 15:48 . 2008-01-05 17:22 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
2007-12-26 15:48 . 2008-01-05 17:22 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
2007-12-26 15:48 . 2008-01-05 17:22 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
2007-12-26 15:48 . 2008-01-05 17:22 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-12-26 15:48 . 2008-01-05 17:22 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-12-26 15:47 . 2008-01-05 17:21 4,958,588 --a------ C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
2007-12-26 15:43 . 2007-12-26 15:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Creative
2007-12-26 15:42 . 2007-12-26 15:42 <DIR> d-------- C:\WINDOWS\system32\Data
2007-12-26 15:42 . 2007-12-26 15:47 <DIR> d-------- C:\Program Files\Creative
2007-12-26 15:42 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2007-12-26 15:42 . 2006-08-11 14:57 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-12-26 15:42 . 2006-08-11 14:55 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-12-26 15:42 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-12-26 15:42 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2007-12-26 15:33 . 2007-12-26 15:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-26 15:31 . 2007-12-26 15:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-26 15:25 . 2007-12-27 00:27 <DIR> d-------- C:\Westwood
2007-12-26 14:46 . 2007-12-26 14:46 <DIR> d-------- C:\Program Files\CCleaner
2007-12-26 14:44 . 2007-12-26 14:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-26 14:44 . 2007-12-26 14:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 14:44 . 2007-12-26 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:43 . 2007-12-26 14:43 <DIR> d-------- C:\Program Files\DivX
2007-12-26 14:43 . 2007-12-11 17:34 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-12-26 14:43 . 2007-12-11 17:34 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-12-26 14:40 . 2007-12-27 14:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-26 14:40 . 2007-12-26 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 14:40 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-26 14:38 . 2007-12-26 14:40 <DIR> d-------- C:\Program Files\Winamp
2007-12-26 14:38 . 2007-12-26 14:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-12-26 14:37 . 2008-01-04 14:58 <DIR> d-------- C:\Program Files\mIRC
2007-12-26 14:37 . 2008-01-04 15:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2007-12-26 14:36 . 2007-12-26 14:36 <DIR> d-------- C:\Fraps
2007-12-26 14:36 . 2007-12-26 14:36 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2007-12-26 14:36 . 2008-01-05 17:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:35 . 2007-12-26 14:36 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-26 14:35 . 2007-12-26 14:35 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-26 14:33 . 2008-01-05 17:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-26 14:33 . 2007-12-26 14:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-26 14:33 . 2007-12-26 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 14:33 . 2008-01-05 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-26 14:14 . 2007-12-26 14:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 14:01 . 2007-12-26 14:01 <DIR> d-------- C:\Program Files\Valve
2007-12-26 13:35 . 2007-12-26 13:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-26 13:35 . 2007-12-26 13:35 <DIR> d-------- C:\Program Files\Ahead
2007-12-26 13:35 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-26 13:35 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-26 13:35 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-26 13:35 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-26 13:35 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-26 13:35 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-26 13:35 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-26 13:35 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-12-26 13:20 . 2005-06-03 17:09 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-12-26 13:20 . 2005-06-03 17:09 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2007-12-26 13:20 . 2005-06-03 17:09 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-12-26 13:20 . 2005-06-03 17:09 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-12-26 13:17 . 2007-12-27 22:14 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 13:17 . 2005-09-06 02:44 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-26 13:17 . 2005-09-06 02:44 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-12-26 13:17 . 2005-09-06 02:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-26 13:17 . 2005-09-06 02:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-26 13:17 . 2006-06-14 04:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-12-26 13:17 . 2006-06-14 04:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-12-26 13:17 . 2005-08-12 23:44 36,608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-12-26 13:17 . 2006-06-14 03:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-12-26 13:17 . 2006-06-14 03:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 20:43 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-26 20:43 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 06:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 06:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 06:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 06:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 06:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 06:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 06:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 06:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 06:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 06:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 06:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 06:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 06:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 06:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-08-12 23:28 28160 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 14:56 579072]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-26 14:33 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-27 22:22:03]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-10-07 12:04 2083664 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-26 14:26 1266936 C:\Program Files\Valve\Steam\\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"a2AntiMalware"=2 (0x2)


*Newly Created Service* - HTTPFILTER
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 22:26:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:30:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 18:31:14
.
2007-12-27 20:00:02 --- E O F ---


0

Response Number 5
Name: jabuck
Date: January 5, 2008 at 16:11:13 Pacific
Reply:

This file I am asking you to remove is a keylogger. Your passwords may have been compromised; you should change them.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\H@tKeysH@@k.DLL

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.


0


Response Number 6
Name: Nitto414
Date: January 5, 2008 at 21:28:05 Pacific
Reply:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Jan 07, 2008 - 00:24:54
Scan Info


Scanned Files 284490

Infected Files 0

Virus Detected

No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


I wasn't given the option to export my scan report, only view it. And that was the message it gave me.



0

Response Number 7
Name: jabuck
Date: January 6, 2008 at 06:15:47 Pacific
Reply:

Sounds like the computer is clean. How is the computer operating?

You should consider adding "Spywareblaster" to your arsenal of antispyware tools. You can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


0

Response Number 8
Name: Nitto414
Date: January 6, 2008 at 07:41:48 Pacific
Reply:

Thanks mate :)

Everything seems to be working like a charm.


0

Response Number 9
Name: jabuck
Date: January 6, 2008 at 08:07:42 Pacific
Reply:

Glad we could help.


0
