Trojan Downloader !!!!!! Nod32 Wtf!!

Gamepsyched

New Member
Sorry for the title, but this thing keeps popping up on my screen saying 17p***** is not a valid exe. (The stars mean I don't know what else it said, because I'm on my other computer.) NOD32 keeps saying security threat blocked but isn't stopping it. It started to download this thing to "stop it", so I held the power button to shut that shit off. I think it might have happened when I downloaded the Crysis demo, but I don't know; I think it was there for a while, because it popped up once before but didn't come back, and now a week later it comes back ready to kick my computer's ass. So I don't know where it came from, and why isn't NOD32 actually stopping it, just saying it is, lol?


This is critical, because I don't want to lose my files. I have an external hard drive, and I searched for the same file it was saying wouldn't open, and it doesn't seem to be there, so that's good. Anyone else have this, and any advice on what to do?

P.S. The exe is in Windows and says it's a Win32 application or not one, so I didn't want to go around deleting Windows files.

Thank you, long thread.
 
OK, I'm on my laptop offline so I could figure out what the file was called, and it's called "17pholmes572". That sounds like a "virusy" name to me lol, but that's the filename.
 
And I'm saying that file because when everything pops up, an error pops up saying it's not a valid Win32, so I assume it has something to do with the virus. I scanned that file and NOD32 says it doesn't find anything. GAR
 
It's definitely infected, please post logs from HijackThis and ComboFix:

Please download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

When the Notepad window opens choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential, don't fix anything yet.

Once done, please do the following:
1. Please download this file - ComboFix - to your desktop.
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with the HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
Dude, wtf, ComboFix deleted files......... What's happening????? I'm on my other comp because all it shows on my laptop is the ComboFix command screen.


I just found out something: every time I restart, a Windows Live installer comes up. I didn't accept any of those files that my friends sent me, so wtf?
 
HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:14 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [7074a397] rundll32.exe "C:\WINDOWS\system32\pigdkndy.dll",b
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB561F8-76C7-45B6-8DD7-06098F6ABD99}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9416 bytes



-------------------------------------------------------------------------------------------------




ComboFix 08-02.01.4 - Nolan 2008-01-31 21:36:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.451 [GMT -8:00]
Running from: C:\Documents and Settings\Nolan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\fuugahwn.ini
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\nktpowvf.dll
C:\WINDOWS\system32\nwhaguuf.dll
C:\WINDOWS\system32\pigdkndy.dll
C:\WINDOWS\system32\rkabdjqm.dll
C:\WINDOWS\system32\ydnkdgip.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 21:32 . 2008-01-31 21:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 00:18 . 2008-01-31 00:18 <DIR> d-------- C:\Program Files\uTorrent
2008-01-31 00:18 . 2008-01-31 18:01 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\uTorrent
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-01-30 20:21 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-30 20:21 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-30 19:46 . 2005-09-01 13:08 233,536 -ra------ C:\WINDOWS\Instexec.exe
2008-01-30 19:46 . 2005-09-07 05:24 86,016 --a------ C:\WINDOWS\system32\vatee.ax
2008-01-30 19:41 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-30 19:40 . 2008-01-30 19:40 260 --a------ C:\WINDOWS\_delis32.ini
2008-01-30 17:44 . 2008-01-30 17:44 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-30 14:33 . 2008-01-30 14:33 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Lavasoft
2008-01-30 11:56 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-30 11:56 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-30 11:51 . 2008-01-30 14:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-29 23:47 . 2007-10-18 12:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 23:46 . 2008-01-29 23:46 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-29 23:42 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-29 23:31 . 2008-01-30 19:46 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-29 23:20 . 2008-01-29 23:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 23:17 . 2008-01-29 23:17 <DIR> dr-h----- C:\Documents and Settings\Nolan\Application Data\SecuROM
2008-01-29 23:17 . 2008-01-29 23:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-29 21:30 . 2008-01-30 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:20 . 2008-01-30 22:47 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-29 20:40 . 2008-01-29 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-29 20:39 . 2008-01-29 20:50 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-29 20:37 . 2008-01-29 20:38 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\DAEMON Tools Pro
2008-01-29 20:13 . 2008-01-29 20:13 <DIR> d-------- C:\Program Files\Stardock
2008-01-29 20:13 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-29 17:22 . 2008-01-31 18:00 32,764 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-29 17:21 . 2008-01-29 17:22 38,400 --------- C:\WINDOWS\system32\opnoopq.dll
2008-01-29 14:11 . 2008-01-29 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 01:33 . 2008-01-29 01:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 00:01 . 2008-01-29 00:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 23:07 . 2008-01-28 23:07 <DIR> d-------- C:\Documents and Settings\Nolan\Incomplete
2008-01-28 23:07 . 2008-01-31 18:44 <DIR> d-------- C:\Documents and Settings\Nolan\.limewire
2008-01-28 19:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 19:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-28 19:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 18:17 . 2007-11-11 09:51 2,519,040 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-01-28 18:17 . 2007-11-11 09:51 2,486,272 --a------ C:\WINDOWS\system32\nvwss.dll
2008-01-28 18:17 . 2007-11-11 09:51 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-01-28 17:33 . 2008-01-28 17:33 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-01-28 17:09 . 2008-01-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 17:04 . 2008-01-28 17:04 268 --ah----- C:\sqmdata03.sqm
2008-01-28 17:04 . 2008-01-28 17:04 244 --ah----- C:\sqmnoopt03.sqm
2008-01-28 16:54 . 2008-01-28 16:54 268 --ah----- C:\sqmdata02.sqm
2008-01-28 16:54 . 2008-01-28 16:54 244 --ah----- C:\sqmnoopt02.sqm
2008-01-28 16:51 . 2008-01-28 16:51 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 16:08 . 2008-01-28 16:08 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Logitech
2008-01-28 16:00 . 2008-01-28 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-28 15:56 . 2008-01-28 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-28 15:54 . 2008-01-28 16:22 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-28 15:54 . 2008-01-28 15:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\InstallShield
2008-01-28 15:54 . 2008-01-28 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-28 15:54 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-28 15:54 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-28 15:54 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-28 15:54 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-28 15:54 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-28 15:04 . 2008-01-28 17:34 <DIR> d-------- C:\Documents and Settings\Nolan\Contacts
2008-01-28 15:00 . 2008-01-28 15:00 268 --ah----- C:\sqmdata01.sqm
2008-01-28 15:00 . 2008-01-28 15:00 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 14:55 . 2008-01-28 14:55 268 --ah----- C:\sqmdata00.sqm
2008-01-28 14:55 . 2008-01-28 14:55 244 --ah----- C:\sqmnoopt00.sqm
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d-------- C:\Program Files\Windows Live
2008-01-28 14:08 . 2008-01-28 14:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 14:08 . 2008-01-28 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 13:30 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-31 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-28 13:26 . 2008-01-28 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 13:08 . 2008-01-28 13:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 01:11 . 2006-03-20 19:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-28 01:09 . 2008-01-28 01:10 <DIR> d-------- C:\Program Files\Google
2008-01-28 01:04 . 2008-01-28 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 00:54 . 2008-01-28 00:54 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\ESET
2008-01-28 00:54 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-28 00:53 . 2008-01-28 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-28 00:48 . 2008-01-28 00:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-28 00:37 . 2008-01-28 00:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 00:34 . 2008-01-28 00:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-28 00:27 . 2008-01-28 00:27 <DIR> d-------- C:\Program Files\PowerISO
2008-01-28 00:24 . 2008-01-31 21:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 00:24 . 2008-01-28 00:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\iPod
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 00:23 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\Nolan\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 00:22 . 2008-01-28 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 00:22 . 2008-01-28 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 00:22 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-28 00:11 . 2008-01-28 13:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\RamBooster 2.0
2008-01-28 00:11 . 2008-01-28 00:11 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 07:36 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-28 06:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-28 06:45 --------- d-----w C:\Program Files\Windows Plus
2007-12-21 16:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 16:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 16:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 16:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 16:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 01:10 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 05:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 09:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 09:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 20:03 73728 C:\WINDOWS\system32\nvhotkey.dll]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 13:03 36640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-28 17:33 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 09:51 81920]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"NI.UGA6P_0001_N122M2210"="C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe" [ ]

C:\Documents and Settings\Nolan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-28 00:11:13 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-28 00:11:15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoopq]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 08:22:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 21:44:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-01-31 21:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 05:46:09
.
2008-01-29 08:01:32 --- E O F ---
 
So, anyone know wtf any of that means???? haha


Because I'm not connecting my external HDD or my iPod until I can figure out what it is.



P.S. After doing that I got back all my HD space that mysteriously disappeared :D:D:D:D so that resolves my other thread.




P.P.S. Well, I'm thinking of dumping NOD32 (it's my antivirus, spyware and firewall) since it let this shit through. Any recommendations on an antivirus?
 
lawl, sorry, I just really wanna hook up my external HDD and listen to my podcasts on my iPod, and I'm the most impatient person ever (I also have ADHD), so sorry, I will bug my 360 forum atm I guess.
 
Mmmm, I was gonna look at your HijackThis log, but people with ADHD use that as an excuse for everything, so I may later now.
 
Dude..... plz look at the HijackThis log lol, it's complete gibberish to me. I would just like to know if my computer is virus free and if I should get a different antivirus, cause NOD missed this.
 
You really want Blueplum to give you his advice?
Anyhow, it looks like that log was taken before running ComboFix; post a new HijackThis log.

Edit: and keep NOD, it's one of the best.
 
ComboFix has removed those files because they are part of the infection. A little more to do:

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\system32\opnoopq.dll
    C:\WINDOWS\system32\drivers\lvuvc.hs
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoopq]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NI.UGA6P_0001_N122M2210"=-
  • Save this as CFScript.txt, change the Save as type to All Files, and place it on your desktop.


    [Screenshot: CFScript.gif]



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)


Please close all open windows except for HijackThis and choose Fix checked.

Please post the ComboFix log along with a new HijackThis log.
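As an added example (not code from this thread, nor from HijackThis or ComboFix), the script below applies the same kind of checks ceewi1 makes above to HijackThis log lines: it flags every O15 Trusted Zone entry, O4 Run entries that launch from a Temp folder or sit under a bare hex value name, and notes services with no publisher string. The sample lines are constructed from entries in the posted log; the rule names, severities and hex-name heuristic are this example's own assumptions.

```python
"""Triage a HijackThis v2 log for the entry types acted on in this thread.

Added example; rules below are assumptions for this example, not
HijackThis rules:
  O15 trusted-zone     every Trusted Zone entry: the helper has all of them
                       removed, since they lower IE security for those hosts
                       and are rarely added by legitimate software
  O4  runs-from-temp   autorun whose command path lives under a \\Temp\\ folder
  O4  random-hex-name  autorun registered under a bare hex value name
  O23 unknown-owner    service with no publisher (informational only: the
                       PnkBstrA/PunkBuster service in the posted log is fine)
"""
import re
from typing import List, NamedTuple

# Line shapes as HijackThis v2 prints them (see the log posted above).
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKLM)\))?$')
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
HEX_NAME_RE = re.compile(r'^[0-9a-fA-F]{6,}$')      # e.g. "7074a397"
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int    # 1-based line number within the log text
    rule: str       # which heuristic fired
    detail: str     # value name, domain or service name that was flagged
    severity: str   # "high", "medium" or "info"


def triage(log_text: str) -> List[Finding]:
    """Return the HijackThis entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if m := O15_RE.match(line):
            # Entries without a "(HKLM)" suffix are per-user (HKCU) in HijackThis.
            where = m.group('hive') or 'HKCU'
            findings.append(Finding(line_no, 'trusted-zone',
                                    f"{m.group('domain')} ({where})", 'medium'))
            continue
        if m := O4_RE.match(line):
            name, cmd = m.group('name'), m.group('cmd')
            if TEMP_DIR_RE.search(cmd):
                findings.append(Finding(line_no, 'runs-from-temp', name, 'high'))
            if HEX_NAME_RE.match(name):
                findings.append(Finding(line_no, 'random-hex-name', name, 'high'))
            continue
        if m := O23_RE.match(line):
            if m.group('owner').lower() == 'unknown owner':
                findings.append(Finding(line_no, 'unknown-owner',
                                        m.group('svc'), 'info'))
    return findings


# Constructed sample: a handful of lines modelled on the log posted in this
# thread, mixing entries the helper removed with ones that are legitimate.
SAMPLE_LOG = r"""O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [7074a397] rundll32.exe "C:\WINDOWS\system32\pigdkndy.dll",b
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Nolan\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.severity:<6} {f.rule:<16} {f.detail}")
```

Anything the script flags still needs a human decision; it is a shortlist for the reader of the log, not a verdict.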
 
^^ ty so much, I'm doing that right now.

And yes, I clicked the arrow. I'm a noob but I know some stuff. But it just totally disappeared, it wasn't an inactive icon or anything weird? I opened it by the exe and it popped up quick but still not in the taskbar. Reboot fixed it, but still weird.




Comment: Thank you ceewi1, you really should get paid to do this (maybe you do), but thank you nonetheless.
 
NOD32 is normally very good, but if you do want new security software then have a look at BitDefender http://www.bitdefender.co.uk/ (select your country at the top to see the appropriate currency). You can sometimes pick the software up cheaper via resellers on eBay, but it will normally be a download only, no CD or manual. They do a free version, but you'll have to check the limits on that.
 
^^ Nice ICP Cartman btw. I have tried BitDefender; I personally do not like it. I very much enjoy NOD32, but this is the only thing that has slipped past it (it even had it quarantined for a while, but it came back). I might switch to Kaspersky 6, but I've heard it is a resource hog. What do you think?
 