Slow & Locking Pc + Nasty Stuff


12 replies to this topic

#1 pat_e_o_dorz (New Member, Authentic Member, 7 posts)

Posted 21 September 2007 - 02:51 PM

Hi
I need help. My PC runs slow, games lock up and sound loops; AVG has found win32/pepatch, backdoor.agent.lgv & backdoor.agent.lkl in numerous locations.

HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 21:46:08, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Malc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.stenaline.co.uk
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....shUKActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1182716302828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185725895859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


#2 little eagle (spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware)

Posted 29 September 2007 - 08:18 PM

Let's try running combofix.exe
Download it from one of the links below:
Note:
It is important that it is saved directly to your desktop

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.


#3 pat_e_o_dorz (New Member, Authentic Member, 7 posts)

Posted 30 September 2007 - 12:58 PM

Scan run, here is the log file. Hope it makes sense to you; it's a loss on me!!!

ComboFix 07-09-21.2 - "Malc" 2007-09-30 19:44:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.508 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp45.tmp

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.

2007-09-30 19:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 21:54 <DIR> d-------- C:\WINDOWS\nview
2007-09-29 21:38 <DIR> d-------- C:\DOCUME~1\Malc\APPLIC~1\SystemRequirementsLab
2007-09-28 21:59 1,277 --a------ C:\WINDOWS\mozver.dat
2007-09-28 21:55 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-27 22:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-26 22:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-26 22:10 <DIR> d-------- C:\Program Files\MSBuild
2007-09-26 22:06 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-09-26 22:04 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-26 22:00 <DIR> d-------- C:\6951c9ea3e92bc084f35
2007-09-25 20:31 <DIR> d-------- C:\Program Files\iPod
2007-09-21 22:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-21 21:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-21 21:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-21 21:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-16 17:18 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-09-14 20:22 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-09-14 20:22 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-09-14 20:22 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-09-14 20:22 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-09-13 20:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-13 18:30 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-09-10 22:36 <DIR> d-------- C:\WINDOWS\nview(2)
2007-09-10 20:34 <DIR> d-------- C:\Program Files\steam copy
2007-09-05 21:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 19:34 <DIR> d-------- C:\Program Files\RegCure
2007-08-11 22:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-11 22:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-11 22:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-11 21:04 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-08-11 21:04 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-08-11 21:04 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-08-11 21:01 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2007-08-11 21:01 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt040d.dll
2007-08-11 21:01 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0401.dll
2007-08-11 20:57 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-08-11 20:57 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-08-11 20:57 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-08-11 20:57 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-08-11 20:47 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-08-11 20:46 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-08-08 20:50 <DIR> d-------- C:\Program Files\mIRC
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 07:43 <DIR> d-------- C:\Program Files\QuickTime
2007-08-07 07:25 <DIR> d-------- C:\Program Files\iTunes
2007-08-03 16:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-03 16:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-03 15:45 <DIR> d-------- C:\Temp\iTunes
2007-08-03 15:45 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 16:50 --------- d-------- C:\Program Files\Steam
2007-09-29 19:56 --------- d-------- C:\DOCUME~1\Malc\APPLIC~1\teamspeak2
2007-09-25 20:33 --------- d-------- C:\Program Files\Apple Software Update
2007-09-23 21:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-21 21:59 --------- d-------- C:\DOCUME~1\Malc\APPLIC~1\Lavasoft
2007-09-17 01:07 8491008 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-09-17 01:07 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-09-17 01:07 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-09-17 01:07 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-09-17 01:07 6853088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 01:07 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 01:07 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-09-17 01:07 5783040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 01:07 5509120 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-09-17 01:07 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-09-17 01:07 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 01:07 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-17 01:07 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-09-17 01:07 36864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-09-17 01:07 364544 --a------ C:\WINDOWS\system32\nvapi.dll
2007-09-17 01:07 3629056 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-09-17 01:07 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 01:07 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-09-17 01:07 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-09-17 01:07 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-09-17 01:07 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-09-17 01:07 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-09-17 01:07 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-09-17 01:07 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-09-17 01:07 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-09-17 01:07 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-09-17 01:07 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-09-17 01:07 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-09-17 01:07 3166208 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-09-17 01:07 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-09-17 01:07 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-09-17 01:07 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-09-17 01:07 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 01:07 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-09-17 01:07 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-09-17 01:07 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-09-17 01:07 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-09-17 01:07 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-09-17 01:07 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-09-17 01:07 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-09-17 01:07 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-09-17 01:07 290816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2007-09-17 01:07 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-09-17 01:07 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-09-17 01:07 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 01:07 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-09-17 01:07 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-09-17 01:07 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-09-17 01:07 282624 --a------ C:\WINDOWS\system32\nvrses.dll
2007-09-17 01:07 282624 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-09-17 01:07 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-09-17 01:07 278528 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-09-17 01:07 278528 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-09-17 01:07 274432 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-09-17 01:07 274432 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-09-17 01:07 274432 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-09-17 01:07 270336 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-09-17 01:07 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-09-17 01:07 266240 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-09-17 01:07 258048 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-09-17 01:07 258048 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-09-17 01:07 258048 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-09-17 01:07 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-09-17 01:07 258048 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-09-17 01:07 253952 --a------ C:\WINDOWS\system32\nvrsth.dll
2007-09-17 01:07 253952 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-09-17 01:07 253952 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-09-17 01:07 253952 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-09-17 01:07 253952 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-09-17 01:07 249856 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-09-17 01:07 249856 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-09-17 01:07 245760 --a------ C:\WINDOWS\system32\nvrseng.dll
2007-09-17 01:07 2441216 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-09-17 01:07 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-09-17 01:07 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-09-17 01:07 225280 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-09-17 01:07 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-09-17 01:07 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-09-17 01:07 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-09-17 01:07 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-09-17 01:07 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-09-17 01:07 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 01:07 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-09-17 01:07 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07 126976 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-09-17 01:07 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-09-17 01:07 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-09-17 01:07 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-13 18:30 --------- d-------- C:\Program Files\OpenAL
2007-08-22 19:47 --------- d-------- C:\Program Files\Common Files\Motive
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 22:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-20 20:29]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 17:01]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"QuickTime Task"="C:\QTTask.exe" [2007-06-29 06:24]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-26 20:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-29 18:26]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-04-03 13:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-03-03 13:02:35]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 1)]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /O6 "USB001" /M "Stylus C46"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4a64e8-2291-11dc-bc14-000129f58af0}]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 19:21:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-24 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-30 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-30 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 00:00:00 C:\WINDOWS\Tasks\At2.job"
"2007-09-30 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-29 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-28 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-08-13 15:16:15 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-08-16 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-08 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-30 17:49:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-09-03 20:08:02 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-09-30 16:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-08-17 18:34:25 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 19:47:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-30 19:48:44
C:\ComboFix-quarantined-files.txt ... 2007-09-30 19:48
.
--- E O F ---

#4 little eagle (spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware)

Posted 30 September 2007 - 01:41 PM

C:\WINDOWS\system32\vN47sMM4.exe

I would like to see a copy of the file in bold.

Click Start, then My Computer, then Local Disk, and follow the process tree.
Or, using Windows Explorer, locate the first file you want to zip.
Right-click on the file and select Send To, then Compressed (zipped) Folder.
This makes a copy; it does not delete it.
Please zip the file and upload it here
Or email it here

Please include a link to this thread.

#5 pat_e_o_dorz
New Member • Authentic Member • 7 posts

Posted 01 October 2007 - 12:47 PM

:wacko: have followed the explorer tree and searched for the file - it's not there??? I have all files in view - none are hidden. I am puzzled!!

#6 little eagle
spyware hawk • Visiting Fellow • 8,968 posts • Interests: spyware

Posted 01 October 2007 - 01:25 PM

Do a search for files and paste in
C:\WINDOWS\Tasks
Let's see what tasks are listed.

#7 pat_e_o_dorz
New Member • Authentic Member • 7 posts

Posted 02 October 2007 - 03:14 AM

zipped folder of tasks attached


#8 little eagle
spyware hawk • Visiting Fellow • 8,968 posts • Interests: spyware

Posted 02 October 2007 - 07:12 AM

Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!

Copy all the text contained in the code box below to your Clipboard.

Files to delete:
C:\WINDOWS\system32\vN47sMM4.exe


The above script is for this user only, if you need help please start your own thread.


Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text into this window.
Click Done, then click on the Green Light.
Answer "Yes" twice when prompted.
Your computer should reboot and briefly open a black command window on your desktop; this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

#9 pat_e_o_dorz
New Member • Authentic Member • 7 posts

Posted 04 October 2007 - 02:30 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rpuvoitc

*******************

Script file located at: \??\C:\WINDOWS\kwlxejmt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\vN47sMM4.exe not found!
Deletion of file C:\WINDOWS\system32\vN47sMM4.exe failed!

Could not process line:
C:\WINDOWS\system32\vN47sMM4.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 09:24:23, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\KService\KService.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Malc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.stenaline.co.uk
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....shUKActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1182716302828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185725895859
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#10 little eagle
spyware hawk • Visiting Fellow • 8,968 posts • Interests: spyware

Posted 04 October 2007 - 08:46 AM

Let's do a search again for
C:\WINDOWS\Tasks

This time let's delete all the At** tasks.

Please go HERE to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
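The At1 to At9 jobs in the ComboFix listing earlier in this thread all launch the same system32 executable, which is why every At** task is being removed here. As an added example (not code from this thread, from ComboFix or from The Avenger), the following Python parses that listing format from constructed sample lines modelled on the log and flags any executable that several At<n>.job tasks launch; the sample paths and the helper names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the ComboFix "Scheduled Tasks" format seen in this
# thread: a quoted "timestamp job-path" line followed by a "- target" line.
SAMPLE_TASKS = r'''
"2007-09-25 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-25 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\vN47sMM4.exe
"2007-09-30 17:49:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
'''

JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$', re.I)
TARGET_RE = re.compile(r"^- (.+)$")
# Jobs named At<n>.job are unnamed tasks created with the AT command; consumer
# software almost never creates them, so a cluster of them deserves a look.
AT_JOB_RE = re.compile(r"^At(\d+)\.job$", re.I)


def parse_tasks(text):
    """Return (job_path, target_path) pairs; a job line with no target is skipped."""
    tasks, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.group(2)  # remember the job until its target line arrives
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group(1)))
            pending = None
    return tasks


def at_job_targets(tasks):
    """Group At<n>.job entries by the executable they launch, ordered by n."""
    groups = defaultdict(list)
    for job, target in tasks:
        name = ntpath.basename(job)
        m = AT_JOB_RE.match(name)
        if m:
            groups[target].append((int(m.group(1)), name))
    return {t: [n for _, n in sorted(v)] for t, v in groups.items()}


def suspicious_targets(tasks, min_jobs=2):
    """Executables launched by at least min_jobs At-jobs: the respawn pattern here."""
    return {t: j for t, j in at_job_targets(tasks).items() if len(j) >= min_jobs}


if __name__ == "__main__":
    for target, jobs in suspicious_targets(parse_tasks(SAMPLE_TASKS)).items():
        print(f"{target} is launched by {', '.join(jobs)}")
```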

#11 pat_e_o_dorz
New Member • Authentic Member • 7 posts

Posted 04 October 2007 - 01:46 PM

:wacko: Followed the link and instructions, but IE locked up part way through and went into a "not responding" condition. Have tried again, also re-started the PC and tried, but on all occasions I cannot get the Panda software to activate when clicking on Scan my PC!! I have found that I have major problems using IE - that's why I use Firefox. Have tried IE7 - problems - moved back to IE6, still problems.

#12 little eagle
spyware hawk • Visiting Fellow • 8,968 posts • Interests: spyware

Posted 16 October 2007 - 09:03 PM

Sorry, I didn't get an email when you posted. Any change?

#13 pat_e_o_dorz
New Member • Authentic Member • 7 posts

Posted 22 October 2007 - 02:12 PM

:( Re-tried the scan you suggested in your previous post using IE. Not successful; IE locked up. Still having problems, and have had a blue screen occur when it dumps physical memory. It shows the nv4.disp file is the problem. Have updated the video card drivers from the NVIDIA site. Am now stuck - have you any other suggestions?
