Trojan Downloader !!!!!! Nod32 Wtf!!

Personally, I find BitDefender easy to use, and the added gaming mode is handy; it's had very good reviews. But as with any software, I guess it's a matter of just trying different software until you find one you are comfortable with.

You're probably the only person on here who knew that was ICP Cartman ;) I have another in blue that I use for Windows Live Messenger :)

What do you mean by gaming mode?

I just saw it looked like ICP and then it looked like Cartman, so I figured :D

After doing the second ComboFix run my computer is using 100% of its CPU, so please tell me what happened. I'm on my other computer because I can't do anything on my laptop.

ComboFix 08-02.01.4 - Nolan 2008-02-01 0:08:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT -8:00]
Running from: C:\Documents and Settings\Nolan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nolan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\opnoopq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 23:49 . 2008-01-31 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-31 21:32 . 2008-01-31 21:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 00:18 . 2008-01-31 00:18 <DIR> d-------- C:\Program Files\uTorrent
2008-01-31 00:18 . 2008-01-31 18:01 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\uTorrent
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-30 19:46 . 2005-09-01 13:08 233,536 -ra------ C:\WINDOWS\Instexec.exe
2008-01-30 19:46 . 2005-09-07 05:24 86,016 --a------ C:\WINDOWS\system32\vatee.ax
2008-01-30 19:41 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-30 19:40 . 2008-01-30 19:40 260 --a------ C:\WINDOWS\_delis32.ini
2008-01-30 17:44 . 2008-01-30 17:44 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-30 14:33 . 2008-01-30 14:33 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Lavasoft
2008-01-30 11:56 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-30 11:51 . 2008-01-30 14:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-29 23:47 . 2007-10-18 12:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 23:46 . 2008-01-29 23:46 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-29 23:31 . 2008-01-30 19:46 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-29 23:20 . 2008-01-29 23:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 23:17 . 2008-01-29 23:17 <DIR> dr-h----- C:\Documents and Settings\Nolan\Application Data\SecuROM
2008-01-29 23:17 . 2008-01-29 23:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-29 21:30 . 2008-01-30 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:20 . 2008-01-30 22:47 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-29 20:40 . 2008-01-29 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-29 20:39 . 2008-01-29 20:50 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-29 20:37 . 2008-01-29 20:38 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\DAEMON Tools Pro
2008-01-29 20:13 . 2008-01-29 20:13 <DIR> d-------- C:\Program Files\Stardock
2008-01-29 20:13 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-29 14:11 . 2008-01-29 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 01:33 . 2008-01-29 01:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 00:01 . 2008-01-29 00:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 23:07 . 2008-01-28 23:07 <DIR> d-------- C:\Documents and Settings\Nolan\Incomplete
2008-01-28 23:07 . 2008-01-31 18:44 <DIR> d-------- C:\Documents and Settings\Nolan\.limewire
2008-01-28 19:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 19:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-28 19:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 18:17 . 2007-11-11 09:51 2,519,040 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-01-28 18:17 . 2007-11-11 09:51 2,486,272 --a------ C:\WINDOWS\system32\nvwss.dll
2008-01-28 18:17 . 2007-11-11 09:51 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-01-28 17:33 . 2008-01-28 17:33 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-01-28 17:09 . 2008-01-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 17:04 . 2008-01-28 17:04 268 --ah----- C:\sqmdata03.sqm
2008-01-28 17:04 . 2008-01-28 17:04 244 --ah----- C:\sqmnoopt03.sqm
2008-01-28 16:54 . 2008-01-28 16:54 268 --ah----- C:\sqmdata02.sqm
2008-01-28 16:54 . 2008-01-28 16:54 244 --ah----- C:\sqmnoopt02.sqm
2008-01-28 16:51 . 2008-01-28 16:51 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 16:08 . 2008-01-28 16:08 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Logitech
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-28 15:54 . 2008-01-28 16:22 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-28 15:54 . 2008-01-28 15:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\InstallShield
2008-01-28 15:54 . 2008-01-28 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-28 15:54 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-28 15:54 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-28 15:54 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-28 15:54 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-28 15:54 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-28 15:04 . 2008-01-28 17:34 <DIR> d-------- C:\Documents and Settings\Nolan\Contacts
2008-01-28 15:00 . 2008-01-28 15:00 268 --ah----- C:\sqmdata01.sqm
2008-01-28 15:00 . 2008-01-28 15:00 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 14:55 . 2008-01-28 14:55 268 --ah----- C:\sqmdata00.sqm
2008-01-28 14:55 . 2008-01-28 14:55 244 --ah----- C:\sqmnoopt00.sqm
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d-------- C:\Program Files\Windows Live
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 14:08 . 2008-01-28 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 13:30 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-31 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 13:08 . 2008-01-28 13:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 01:11 . 2006-03-20 19:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-28 01:09 . 2008-01-28 01:10 <DIR> d-------- C:\Program Files\Google
2008-01-28 01:04 . 2008-01-28 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 00:54 . 2008-01-28 00:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\ESET
2008-01-28 00:54 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-28 00:53 . 2008-01-28 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-28 00:48 . 2008-01-28 00:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-28 00:37 . 2008-01-28 00:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 00:34 . 2008-01-28 00:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-28 00:27 . 2008-01-28 00:27 <DIR> d-------- C:\Program Files\PowerISO
2008-01-28 00:24 . 2008-01-31 23:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 00:24 . 2008-01-28 00:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\iPod
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 00:22 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 00:22 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-28 00:11 . 2008-01-28 13:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\RamBooster 2.0
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\QuickTime
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\My Book

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 06:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-28 06:45 --------- d-----w C:\Program Files\Windows Plus
2007-12-21 16:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 16:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 16:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 16:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 16:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-11-12 16:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-11 17:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-11 17:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-11 17:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-11 17:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-11 17:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-11 17:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-11 17:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-11 17:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-11 17:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-11 17:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-11 17:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-11 17:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-11 17:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-11 17:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-11 17:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-11 17:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-11 17:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-11 17:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-11 17:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-11 17:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-11 17:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-11 17:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-11 17:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-11 17:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-11 17:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-11-11 17:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-11-11 17:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-11-11 17:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-11-11 17:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-11-11 17:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-11-11 17:51 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-11-11 17:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-11 17:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-11-11 17:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-11-11 17:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-11-11 17:51 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-11-11 17:51 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 01:10 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 09:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 09:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 20:03 73728 C:\WINDOWS\system32\nvhotkey.dll]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 13:03 36640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-28 17:33 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 09:51 81920]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"NI.UGA6P_0001_N122M2210"="C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe" [ ]

C:\Documents and Settings\Nolan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-28 00:11:13 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-28 00:11:15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoopq]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 08:22:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 00:18:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 0:28:25
ComboFix-quarantined-files.txt 2008-02-01 08:27:53
ComboFix2.txt 2008-02-01 05:46:13
.
2008-01-29 08:01:32 --- E O F ---

new ComboFix log

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB561F8-76C7-45B6-8DD7-06098F6ABD99}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8888 bytes


I deleted all the O15 things you told me to, ceewi.

QUESTION: There is now a folder named Qoobox on my local disk (C:) drive. Is that supposed to be there? I see the ComboFix text file, but is the folder supposed to be there?
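A practitioner reading the ComboFix log above would want a quick way to pull out the autostart entries worth a second look rather than eyeballing the whole "Reg Loading Points" section by hand. The following Python script is an added example and is not part of the thread or of ComboFix itself. It re-reads a slice of the log posted above (the sample lines are copied from that log) and flags three patterns visible there: a Run value whose bracketed file details are empty, which I read as ComboFix not finding the target on disk (here the winvsnet.exe entry under a Temp directory); a Winlogon Notify key with no DLL listed beneath it (the opnoopq key left behind after opnoopq.dll was deleted); and a mountpoints2 AutoRun command for a removable drive. The reading of the empty brackets and the "user-writable directory" markers are my assumptions, and the output is a list of things to check, not a verdict.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix-style log.

Added example; not part of the thread and not ComboFix's own code. The
heuristics and the reading of the log format are the author's assumptions.
"""
import re

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log posted in the thread, trimmed to the entries of interest.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"nwiz"="nwiz.exe" [2007-11-11 09:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"NI.UGA6P_0001_N122M2210"="C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoopq]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# ComboFix prints each Run value as "name"="path" [date time size]; an empty
# bracket is read here as "target not found at scan time" (format assumption).
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Launch locations a legitimate autostart rarely uses (assumed markers).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")


def parse_sections(log_text):
    """Group non-blank lines under the [key] header that precedes them."""
    sections = []
    current_lines = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_lines = []
            sections.append((key_match.group("key"), current_lines))
        elif line and current_lines is not None:
            current_lines.append(line)
    return sections


def triage(log_text):
    """Return findings as dicts with key, value, path and reason."""
    findings = []
    for key, lines in parse_sections(log_text):
        key_lower = key.lower()
        if key_lower.endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_VALUE_RE.match(line)
                if not m:
                    continue
                name, path, meta = m.group("name"), m.group("path"), m.group("meta")
                if not meta.strip():
                    findings.append(dict(key=key, value=name, path=path,
                        reason="Run entry whose target could not be found at scan time (orphaned loader)"))
                if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                    findings.append(dict(key=key, value=name, path=path,
                        reason="Run entry launching from a user-writable temp directory"))
        elif "\\winlogon\\notify\\" in key_lower:
            if not lines:
                findings.append(dict(key=key, value=key.rsplit("\\", 1)[-1], path="",
                    reason="Winlogon Notify package with no DLL listed (registration left behind after the DLL was removed)"))
        elif "\\mountpoints2\\" in key_lower:
            for line in lines:
                if "\\shell\\autorun\\command" in line.lower():
                    target = line.split(" - ", 1)[-1]
                    findings.append(dict(key=key, value=key.rsplit("\\", 1)[-1], path=target,
                        reason="AutoRun command registered for a removable drive"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['value']:<28} {f['reason']}")
        print(f"    key : {f['key']}")
        if f["path"]:
            print(f"    path: {f['path']}")
```

Run against the sample it reports the Temp-directory Run entry twice (once for the missing target, once for the location), the empty opnoopq Notify key, and the F: AutoRun handler, while the ehTray, nwiz, egui and LBTWlgn entries pass untouched. Feed it the full "Reg Loading Points" section of a real log to get the same short list for the whole machine.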
Yes, ESET is NOD32, and Qoobox is the quarantine folder for ComboFix.

Please reboot your PC. Does the 100% CPU usage remain? If so, press Ctrl + Alt + Del to bring up the Task Manager. Click on the Processes tab and tell me which process is showing high CPU usage.

^^ No, after the reboot it went back to normal. My computer is now running normally and (hopefully) virus free. I searched for 17pholmes.exe and it is long gone. I deleted all the quarantined files in NOD32, so now hopefully everything is good.

Should I also delete the quarantined items in Qoobox?

Great, and your logfiles appear to be clean.

Please click on Start -> Run. Type ComboFix /u and click OK.
Note the space between ComboFix and the /u.
This will remove the backups that ComboFix has created in Qoobox as well as the program itself.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it, and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure, or are looking for anti-spyware programs, you can find out if a program is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
Gamer Mode
The new Gamer Mode temporarily modifies protection settings so as to minimize their impact on gaming performance, maintaining a safe, fun gaming experience.

^^ That's cool, and ceewi, I have ESET Smart Security 3.0, Spybot and Ad-Aware.

And yes, I do use Firefox 2 with the Adblock, Language Translator and DownThemAll add-ons.

Although with Smart Security 3.0 it is very slow to open files and everything, so I would like some suggestions on:
------------------------------------------------------------------------------------------------------------------
What antivirus should I get? Kaspersky 6 perhaps?

What firewall? I've liked Comodo when I used it before.

What anti-spyware (if Kaspersky doesn't do that already)?

P.S. I also have the McAfee SiteAdvisor add-on (I recommend this; it tells you whether a site is safe).