My pc is infected!
August 7th, 2016
http://www.google.com?t=2676152
All links must be coded - including, but not limited to, e-mail addresses, passwords and internal links.
Link(s) coded. ~ thepoint
I was using avast, so it started detecting it was a virus. I immediately started scanning with avast, SUPERAntiSpyware and Malwarebytes Anti-Malware. It had detected a few infected files; however, I cleaned them and restarted my computer to repeat the scans. This time everything came up clean; however, my firewall will not turn on. My system restore was shut down and restore points were deleted by the virus. Can anyone please offer any help?
Bear in mind that no AV likes anything to do with IRC clients, so installing one will probably make avast! freak out, but it does sound like an infection.
Please download the current version of HijackThis from here.
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
- Double click and run the installer.
- It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
- After installing, you should get the user agreement, press accept and Hijack This will run.
- Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
format it, seriously
CONFIRMED IT IS A VIRUS
I do not want to reformat. However, I can’t even access the internet on my own computer; my network connections were deleted. I am currently on a different PC, so I can download HijackThis and then put it on a removable device; however, I do not want my removable device to get infected and spread anything.
Get a program called “ComboFix” and run it, and it will restore all your important settings.
I will post the HijackThis log in a few minutes. ComboFix is currently running.
Good, I reported that damn post and even PM’ed it to a mod, but it's still there :/
The ComboFix log would be helpful too after you have it.
Here are the logs:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:03 PM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\ehome\ehtray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\WINDOWS\System32\avast!Antivirus.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\eHome\ehmsas.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\wscntfy.exe
H:\kidpz.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\32788R22FWJFW\n.com
E:\32788R22FWJFW\n.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [svc] c:\program Files\ThunMail\testabd.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: avast!Antivirus - Unknown owner - E:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4030 bytes
ComboFix:
ComboFix 09-05-30.01 - CounterStrikeSource 05/30/2009 13:29:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2755 [GMT -4:00]
Running from: H:\kidpz.exe
AV: avast! antivirus 4.8.1229 [VPS 090529-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\WINDOWS\Install.txt
E:\WINDOWS\system32\avast!Antivirus.exe
E:\WINDOWS\system32\comsa32.sys
E:\WINDOWS\system32\dpcxool64.sys
E:\WINDOWS\system32\FInstall.sys
E:\WINDOWS\system32\Install.txt
E:\WINDOWS\system32\msncache.dll
E:\WINDOWS\system32\tpsaxyd.exe
E:\WINDOWS\system32\wtukd32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.
2009-05-30 17:27:58 . 2009-05-30 17:27:58 0 d-----w E:\Program Files\Trend Micro
2009-05-30 01:36:26 . 2009-05-30 01:36:26 0 d-sh--w E:\Documents and Settings\LocalService\IETldCache
2009-05-30 01:06:18 . 2009-05-30 01:06:18 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Logitech
2009-05-30 01:04:07 . 2009-05-30 01:04:07 0 d-----w E:\Documents and Settings\All Users\Application Data\LogiShrd
2009-05-30 01:03:55 . 2008-12-19 03:43:18 10384 ----a-w E:\WINDOWS\system32\drivers\LBeepKE.sys
2009-05-30 01:03:14 . 2009-02-19 04:26:12 301656 ----a-w E:\WINDOWS\system32\BtCoreIf.dll
2009-05-30 01:03:13 . 2009-02-19 04:27:56 84496 ----a-w E:\WINDOWS\system32\KemXML.dll
2009-05-30 01:03:13 . 2009-02-19 04:27:48 117264 ----a-w E:\WINDOWS\system32\KemWnd.dll
2009-05-30 01:03:13 . 2009-02-19 04:27:40 145936 ----a-w E:\WINDOWS\system32\KemUtil.dll
2009-05-30 01:03:13 . 2009-02-19 04:27:32 170512 ----a-w E:\WINDOWS\system32\kemutb.dll
2009-05-30 01:03:04 . 2009-05-30 01:03:04 0 d-----w E:\Documents and Settings\All Users\Application Data\Logitech
2009-05-30 01:03:02 . 2009-05-30 01:03:17 0 d-----w E:\Program Files\Common Files\Logishrd
2009-05-30 01:03:01 . 2009-05-30 01:03:01 0 d-----w E:\Program Files\Logitech
2009-05-29 01:03:10 . 2009-05-29 01:03:10 0 d-----w E:\Program Files\LibUSB-Win32
2009-05-29 01:03:10 . 2007-03-20 15:33:26 28672 ----a-w E:\WINDOWS\system32\drivers\libusb0.sys
2009-05-29 01:03:10 . 2007-03-20 15:33:18 43520 ----a-w E:\WINDOWS\system32\libusb0.dll
2009-05-29 01:01:52 . 2009-05-29 01:02:39 0 d-----w E:\Program Files\QuickFreedom
2009-05-28 23:25:15 . 2009-05-28 23:25:15 0 d-----w E:\Program Files\Common Files\eSellerate
2009-05-28 23:25:13 . 2009-05-28 23:27:11 0 d-----w E:\Program Files\NewBlue
2009-05-28 20:44:20 . 2009-05-28 20:44:20 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Publish Providers
2009-05-28 20:44:07 . 2009-05-28 20:44:07 0 d-----w E:\Documents and Settings\CounterStrikeSource\Local Settings\Application Data\Sony
2009-05-28 20:44:07 . 2009-05-28 20:44:07 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Sony
2009-05-28 20:44:06 . 2009-05-29 21:00:04 0 d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2009-05-28 20:39:01 . 2009-05-28 20:39:01 0 d-----w E:\Program Files\Vstplugins
2009-05-28 20:38:59 . 2009-05-28 20:38:59 0 d-----w E:\Documents and Settings\All Users\Application Data\Sony
2009-05-28 20:38:52 . 2009-05-28 20:38:53 0 d-----w E:\Program Files\Sony
2009-05-28 20:37:54 . 2009-05-28 20:37:54 0 d-----w E:\Program Files\MSBuild
2009-05-28 20:37:52 . 2009-05-28 20:37:52 55600 ----a-w E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-28 20:35:01 . 2009-05-28 20:35:01 0 d-----w E:\WINDOWS\system32\XPSViewer
2009-05-28 20:34:41 . 2009-05-28 20:34:41 0 d-----w E:\Program Files\Reference Assemblies
2009-05-28 20:34:35 . 2006-06-29 17:07:36 14048 ------w E:\WINDOWS\system32\spmsg2.dll
2009-05-28 20:32:46 . 2009-05-28 20:33:22 52770576 ----a-w E:\Documents and Settings\CounterStrikeSource\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-05-28 20:32:45 . 2009-05-28 20:32:45 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Sony Setup
2009-05-28 20:32:39 . 2009-05-28 20:32:39 0 d-----w E:\Program Files\Sony Setup
2009-05-28 20:00:07 . 2003-02-21 00:08:00 2482176 ----a-w E:\WINDOWS\system32\mscorwks.dll
2009-05-26 02:13:28 . 2001-08-18 02:36:30 5632 ----a-w E:\WINDOWS\system32\ptpusb.dll
2009-05-26 02:13:27 . 2008-04-13 18:45:34 15104 -c--a-w E:\WINDOWS\system32\dllcache\usbscan.sys
2009-05-26 02:13:27 . 2008-04-13 18:45:34 15104 ----a-w E:\WINDOWS\system32\drivers\usbscan.sys
2009-05-26 02:13:26 . 2008-04-14 00:12:04 159232 ----a-w E:\WINDOWS\system32\ptpusd.dll
2009-05-24 16:30:28 . 2009-05-30 16:47:53 117760 ----a-w E:\Documents and Settings\CounterStrikeSource\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-24 16:30:08 . 2009-05-24 16:30:08 0 d-----w E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-24 16:30:05 . 2009-05-24 16:30:05 65024 ----a-r E:\Documents and Settings\CounterStrikeSource\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-05-24 16:30:05 . 2009-05-24 16:30:05 18944 ----a-r E:\Documents and Settings\CounterStrikeSource\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-05-24 16:30:03 . 2009-05-24 16:30:04 0 d-----w E:\Program Files\SUPERAntiSpyware
2009-05-24 16:30:03 . 2009-05-24 16:30:03 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\SUPERAntiSpyware.com
2009-05-24 16:28:58 . 2009-05-24 16:28:58 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Malwarebytes
2009-05-24 16:28:57 . 2009-04-06 19:32:46 15504 ----a-w E:\WINDOWS\system32\drivers\mbam.sys
2009-05-24 16:28:55 . 2009-04-06 19:32:54 38496 ----a-w E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-24 16:28:54 . 2009-05-24 16:28:58 0 d-----w E:\Program Files\Malwarebytes' Anti-Malware
2009-05-24 16:28:54 . 2009-05-24 16:28:54 0 d-----w E:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-23 14:43:08 . 2009-05-23 14:43:08 0 ----a-w E:\WINDOWS\nsreg.dat
2009-05-23 14:43:07 . 2009-05-23 14:43:07 0 d-----w E:\Documents and Settings\CounterStrikeSource\Local Settings\Application Data\Mozilla
2009-05-23 02:59:36 . 2009-05-23 02:59:37 0 d--h--w E:\WINDOWS\system32\GroupPolicy
2009-05-23 01:32:10 . 2009-05-25 00:34:51 0 d-----w E:\Documents and Settings\CounterStrikeSource\Application Data\Ventrilo
2009-05-23 01:27:08 . 2009-05-30 17:33:54 0 d-----w E:\Program Files\Steam
2009-05-23 01:23:42 . 2009-05-30 01:08:11 9432 ----a-w E:\Documents and Settings\CounterStrikeSource\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 01:20:24 . 2009-05-23 01:20:28 0 d-----w E:\Program Files\AGEIA Technologies
2009-05-23 01:20:24 . 2009-05-23 01:20:24 0 d-----w E:\WINDOWS\system32\AGEIA
2009-05-23 01:20:18 . 2009-05-24 16:29:55 0 d-----w E:\Program Files\Common Files\Wise Installation Wizard
2009-05-23 01:20:14 . 2009-05-01 02:02:00 457248 ----a-w E:\WINDOWS\system32\nvudisp.exe
2009-05-23 01:20:02 . 2009-04-27 04:42:48 457248 ----a-w E:\WINDOWS\system32\NVUNINST.EXE
2009-05-23 01:09:38 . 2009-05-23 01:09:38 0 d-sh--w E:\Documents and Settings\CounterStrikeSource\PrivacIE
2009-05-23 01:09:34 . 2009-05-23 01:09:34 0 d-----w E:\Documents and Settings\CounterStrikeSource\Local Settings\Application Data\Identities
2009-05-23 01:07:36 . 2009-05-23 01:07:36 0 d-sh--w E:\Documents and Settings\CounterStrikeSource\IETldCache
2009-05-23 00:53:20 . 2009-05-23 00:53:20 0 d-----w E:\Program Files\Ventrilo
2009-05-22 21:48:01 . 2009-05-22 21:48:01 0 d-----w E:\WINDOWS\ie8updates
2009-05-22 21:48:00 . 2009-04-25 05:30:39 102400 -c----w E:\WINDOWS\system32\dllcache\iecompat.dll
2009-05-22 21:47:18 . 2009-05-22 21:47:45 0 dc-h--w E:\WINDOWS\ie8
2009-05-22 21:11:36 . 2009-05-22 21:11:36 0 d-----w E:\WINDOWS\system32\scripting
2009-05-22 21:11:36 . 2009-05-22 21:11:36 0 d-----w E:\WINDOWS\system32\en
2009-05-22 21:11:36 . 2009-05-22 21:11:36 0 d-----w E:\WINDOWS\l2schemas
2009-05-22 21:11:35 . 2009-05-22 21:11:35 0 d-----w E:\WINDOWS\system32\bits
2009-05-22 21:10:45 . 2009-05-22 21:10:45 0 d-----w E:\WINDOWS\ServicePackFiles
2009-05-22 20:39:09 . 2004-08-04 02:29:46 25471 ------w E:\WINDOWS\system32\drivers\watv10nt.sys
2009-05-22 20:38:53 . 2004-08-04 02:29:32 73216 ------w E:\WINDOWS\system32\drivers\atintuxx.sys
2009-05-22 20:34:32 . 2008-05-03 11:55:36 2560 ------w E:\WINDOWS\system32\xpsp4res.dll
2009-05-22 20:34:32 . 2008-04-21 12:08:15 215552 -c----w E:\WINDOWS\system32\dllcache\wordpad.exe
2009-05-22 20:32:28 . 2009-05-22 20:32:28 0 d-----w E:\WINDOWS\system32\Lang
2009-05-22 20:30:49 . 2009-05-22 21:48:01 0 d--h--w E:\WINDOWS\$hf_mig$
2009-05-22 20:30:04 . 2009-05-22 20:30:04 0 d-sh--w E:\Documents and Settings\CounterStrikeSource\UserData
2009-05-22 20:26:59 . 2008-04-13 18:45:14 60160 ----a-w E:\WINDOWS\system32\drivers\drmk.sys
2009-05-22 20:16:18 . 2007-09-07 17:32:38 52 ----a-w E:\Documents and Settings\CounterStrikeSource\renewUSB32.cmd
2009-05-22 20:16:18 . 2002-11-14 22:32:08 55808 ----a-w E:\Documents and Settings\CounterStrikeSource\devconX32.exe
2009-05-22 20:15:20 . 2009-05-22 20:15:20 0 dc----w E:\WINDOWS\system32\DRVSTORE
2009-05-22 20:15:20 . 2009-05-22 20:15:20 0 d-----w E:\Program Files\Intel
2009-05-22 20:15:20 . 2007-12-12 07:56:42 53248 ----a-r E:\WINDOWS\system32\CSVer.dll
2009-05-22 20:15:07 . 2009-05-22 20:15:07 0 d-----w E:\Intel
2009-05-22 20:14:34 . 2009-05-22 20:25:49 24064 ----a-w E:\WINDOWS\autoload.exe
2009-05-22 19:35:43 . 2009-05-22 20:19:12 0 d-----w E:\Documents and Settings\CounterStrikeSource\Local Settings\Application Data\ApplicationHistory
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 01:03:44 . 2009-05-30 01:03:44 0 ---ha-w E:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-30 01:03:43 . 2009-05-30 01:03:43 0 ---ha-w E:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-30 01:03:42 . 2009-05-30 01:03:42 0 ---ha-w E:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-30 01:03:03 . 2009-05-22 20:26:20 0 d--h--w E:\Program Files\InstallShield Installation Information
2009-05-23 01:16:42 . 2009-05-23 01:16:42 0 d-----w E:\Program Files\Alwil Software
2009-05-22 21:12:52 . 2009-05-22 18:17:27 87747 ----a-w E:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2009-05-22 20:27:54 . 2009-05-22 20:27:54 0 d-----w E:\Program Files\FPRD
2009-05-22 20:27:33 . 2009-05-22 20:27:33 0 d-----w E:\Program Files\Marvell
2009-05-22 20:26:21 . 2009-05-22 20:26:21 0 d-----w E:\Program Files\Realtek
2009-05-22 20:26:17 . 2009-05-22 20:26:17 315392 ----a-w E:\WINDOWS\HideWin.exe
2009-05-22 20:26:13 . 2009-05-22 20:26:13 0 d-----w E:\Program Files\Common Files\InstallShield
2009-05-22 18:18:47 . 2009-05-22 18:18:47 0 d-----w E:\Program Files\microsoft frontpage
2009-05-22 18:15:13 . 2009-05-22 18:15:13 21640 ----a-w E:\WINDOWS\system32\emptyregdb.dat
2009-05-22 18:14:44 . 2009-05-22 18:14:34 0 d-----w E:\Program Files\Windows Plus
2009-05-01 04:31:10 . 2009-05-01 04:31:10 1657376 ----a-w E:\WINDOWS\system32\nwiz.exe
2009-05-01 04:31:08 . 2009-05-01 04:31:08 449056 ----a-w E:\WINDOWS\system32\nvappbar.exe
2009-05-01 04:31:08 . 2009-05-01 04:31:08 436768 ----a-w E:\WINDOWS\system32\keystone.exe
2009-05-01 04:31:06 . 2009-05-01 04:31:06 466944 ----a-w E:\WINDOWS\system32\nvshell.dll
2009-05-01 04:31:06 . 2009-05-01 04:31:06 1724416 ----a-w E:\WINDOWS\system32\nvwdmcpl.dll
2009-05-01 04:31:06 . 2009-05-01 04:31:06 1507328 ----a-w E:\WINDOWS\system32\nview.dll
2009-05-01 04:31:06 . 2009-05-01 04:31:06 1101824 ----a-w E:\WINDOWS\system32\nvwimg.dll
2009-05-01 02:02:00 . 2009-05-22 20:39:07 8055584 ----a-w E:\WINDOWS\system32\drivers\nv4_mini.sys
2009-05-01 02:02:00 . 2009-05-01 02:02:00 9994240 ----a-w E:\WINDOWS\system32\nvoglnt.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 806912 ----a-w E:\WINDOWS\system32\nvapi.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 663552 ----a-w E:\WINDOWS\system32\nvcuvid.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 1720320 ----a-w E:\WINDOWS\system32\nvcuda.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 1579630 ----a-w E:\WINDOWS\system32\nvdata.bin
2009-05-01 02:02:00 . 2009-05-01 02:02:00 143360 ----a-w E:\WINDOWS\system32\nvcodins.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 143360 ----a-w E:\WINDOWS\system32\nvcod.dll
2009-05-01 02:02:00 . 2009-05-01 02:02:00 1314816 ----a-w E:\WINDOWS\system32\nvcuvenc.dll
2009-05-01 02:02:00 . 2008-04-14 00:12:02 5896320 ----a-w E:\WINDOWS\system32\nv4_disp.dll
2009-04-03 16:39:20 . 2009-04-03 16:39:20 70936 ----a-w E:\WINDOWS\system32\PhysXLoader.dll
2009-03-08 08:34:58 . 2004-08-10 11:00:00 914944 ----a-w E:\WINDOWS\system32\wininet.dll
2009-03-08 08:34:30 . 2004-08-10 11:00:00 43008 ----a-w E:\WINDOWS\system32\licmgr10.dll
2009-03-08 08:33:40 . 2004-08-10 11:00:00 18944 ----a-w E:\WINDOWS\system32\corpol.dll
2009-03-08 08:33:06 . 2004-08-10 11:00:00 420352 ----a-w E:\WINDOWS\system32\vbscript.dll
2009-03-08 08:32:56 . 2004-08-10 11:00:00 72704 ----a-w E:\WINDOWS\system32\admparse.dll
2009-03-08 08:32:50 . 2004-08-10 11:00:00 71680 ----a-w E:\WINDOWS\system32\iesetup.dll
2009-03-08 08:31:38 . 2004-08-10 11:00:00 34816 ----a-w E:\WINDOWS\system32\imgutil.dll
2009-03-08 08:31:18 . 2004-08-10 11:00:00 48128 ----a-w E:\WINDOWS\system32\mshtmler.dll
2009-03-08 08:31:02 . 2004-08-10 11:00:00 45568 ----a-w E:\WINDOWS\system32\mshta.exe
2009-03-08 08:22:38 . 2004-08-10 11:00:00 156160 ----a-w E:\WINDOWS\system32\msls31.dll
2009-03-06 14:22:18 . 2004-08-10 11:00:00 284160 ----a-w E:\WINDOWS\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"Steam"="e:\program files\steam\steam.exe" [2009-05-23 15:08:49 1217784]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 18:21:58 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="E:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04:42 59392]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 14:38:34 78008]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2009-05-01 04:30:16 86016]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2009-05-01 04:30:16 13750272]
"RTHDCPL"="RTHDCPL.EXE" - E:\WINDOWS\RTHDCPL.exe [2007-12-01 02:42:12 16858624]
"nwiz"="nwiz.exe" - E:\WINDOWS\system32\nwiz.exe [2009-05-01 04:31:10 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - E:\WINDOWS\KHALMNPR.Exe [2008-12-19 03:42:58 76304]
E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-5-29 809488]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "E:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05:34 356352 ----a-w E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30:52 72208 ----a-w e:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=E:\Documents and Settings\CounterStrikeSource\Desktop\deltemp.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"E:\\Program Files\\Steam\\steamapps\\calvinyhob@aol.com\\counter-strike\\hl.exe"=
"E:\\Program Files\\Steam\\steamapps\\calvinyhob@aol.com\\team fortress 2\\hl2.exe"=
"E:\\Program Files\\Steam\\steamapps\\bgoodz22\\counter-strike source\\hl2.exe"=
"E:\\Program Files\\Steam\\steamapps\\bgoodz22\\team fortress 2\\hl2.exe"=
"E:\\Program Files\\Steam\\steamapps\\calvinyhob@aol.com\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27020:TCP"= 27020:TCP:Steam Client
"27000:UDP"= 27000:UDP:Steam Client
R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [5/22/2009 9:16:56 PM 78416]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22:00 PM 9968]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22:00 PM 72944]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\drivers\aswFsBlk.sys [5/22/2009 9:16:56 PM 20560]
R2 LBeepKE;LBeepKE;E:\WINDOWS\system32\drivers\LBeepKE.sys [5/29/2009 9:03:55 PM 10384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;E:\WINDOWS\system32\drivers\libusb0.sys [5/28/2009 9:03:10 PM 28672]
R3 SASENUM;SASENUM;E:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22:02 PM 7408]
R3 USB_FPRd;FingerPrinterReader;E:\WINDOWS\system32\drivers\UT_FPRd.sys [5/22/2009 4:27:54 PM 16128]
S1 glaide32;glaide32;\??\E:\WINDOWS\system32\drivers\glaide32.sys --> E:\WINDOWS\system32\drivers\glaide32.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
FF - ProfilePath - E:\Documents and Settings\CounterStrikeSource\Application Data\Mozilla\Firefox\Profiles\0s9let2j.default\
.
My firewall will still not turn on and my internet connection on that pc does not work. I checked my network connections and it is empty.
You want to clean these:
H:\kidpz.exe
E:\32788R22FWJFW\n.com
E:\32788R22FWJFW\n.com
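The triage done by eye in this thread (processes running from outside the Windows and Program Files trees, Run keys pointing elsewhere, services with no listed owner) can be scripted against the HijackThis log format. The Python below is an added example, not code from the thread or from HijackThis; it embeds an abridged excerpt of the log posted above, and its trusted-root rule is my own heuristic, so hits are leads to verify rather than verdicts (the poster's renamed ComboFix, H:\kidpz.exe, is a benign hit).

```python
import re

# Abridged excerpt of the HijackThis log posted in this thread (constructed sample).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\avast!Antivirus.exe
H:\kidpz.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\32788R22FWJFW\n.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [svc] c:\program Files\ThunMail\testabd.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast!Antivirus - Unknown owner - E:\WINDOWS\System32\avast!Antivirus.exe
"""

# A drive-qualified path up to the first executable-like extension (non-greedy).
FULL_PATH = re.compile(r"(?i)^([a-z]:\\.*?\.(?:exe|com|dll|sys|bat|scr|pif))")
# HijackThis item lines look like "O4 - ..." or "R1 - ...".
HJT_ITEM = re.compile(r"^[RO]\d+ - ")


def _under(path, root):
    """Case-insensitive 'path lives below root' check."""
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def trusted_roots(system_root):
    """Heuristic (my assumption): the Windows tree and Program Files on the system drive."""
    drive = system_root[:2]
    return [system_root, drive + r"\Program Files", drive + r"\PROGRA~1"]


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and (kind, line) items."""
    procs, items, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if HJT_ITEM.match(line):
            in_procs = False
            items.append((line.split(" - ", 1)[0], line))
        elif in_procs and line:
            procs.append(line)
    return procs, items


def triage(text):
    """Return entries worth a closer look, grouped by where they came from."""
    procs, items = parse_hjt(text)
    # smss.exe always runs from %SystemRoot%\System32, so derive the system root from it.
    smss = next(p for p in procs if p.lower().endswith(r"\system32\smss.exe"))
    system_root = smss[: -len(r"\System32\smss.exe")]
    roots = trusted_roots(system_root)
    report = {"system_root": system_root, "processes": [], "run_keys": [],
              "run_keys_bare": [], "services": []}
    # Running processes outside the trusted roots (catches removable drives and odd folders).
    report["processes"] = [p for p in procs if not any(_under(p, r) for r in roots)]
    for kind, line in items:
        if kind == "O4":                       # autorun entries
            _, sep, cmd = line.partition("] ")
            if not sep:                        # e.g. Global Startup lines use a different layout
                continue
            m = FULL_PATH.match(cmd.strip().lstrip('"'))
            if m is None:                      # bare name resolved via PATH: must be checked by hand
                report["run_keys_bare"].append(cmd.strip())
            elif not any(_under(m.group(1), r) for r in roots):
                report["run_keys"].append(m.group(1))
        elif kind == "O23":                    # services: "O23 - Service: name - owner - path"
            _, owner, path = line.rsplit(" - ", 2)
            if owner.strip().lower() == "unknown owner":
                report["services"].append(path.strip())
    return report


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section, hits)
```

Every flagged path still needs a manual look: here the unknown-owner "avast!Antivirus" service in System32 is the one ComboFix later removed, while H:\kidpz.exe is the poster's own renamed ComboFix.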
The kidpz file is ComboFix; I renamed it just in case. However, how would I go about cleaning the other two, just deleting them?
It’s always on mIRC.exe. I don’t know why h4x0rs would choose this as such a common target though. Remember to use an antivirus AND a firewall so you can monitor where it connects. At the end of the day, the virus is only a real threat if it can phone home.
Ahh right, I see.
Yeah, just tick them in HijackThis and click “Fix checked”.
Then, just to be sure, make sure the files are not still there and do a full scan with Malwarebytes and SUPERAntiSpyware.
Try an explorer program like Total Commander.
I recommend: “Free Commander”
and go to E:\32788R22FWJFW\n.com
and delete the file.
Alright, I will do that. However, how would I fix my firewall not turning on? I cannot access the internet on that PC either; my network connections are empty, probably deleted by the virus/trojan.
Remove the virus and then check if you can.
Then, if you still can't, check if the internet connection is enabled in “Device Manager”.
And BTW, what OS are you on?
Will do that. I am on Windows XP SP3, all updates kept up to date; it's a genuine copy.
OK mate, if you can't get it back you can try just doing a repair install, so you will keep all your files and settings.
Before you do a repair install, uninstall any damaged programs like your firewall and then re-install them after.
It seems to me like ComboFix has deleted those two files you told me to.
OK, that's good. Just make sure you still do a scan and see if there is any trace of any infection left, and then proceed to the rest.
I cannot enable my windows firewall, this pops up when I try to:
Also, my internet connection is enabled in Device Manager.
Well, what happens when you press “Yes”? If nothing happens, then the virus will have removed the firewall components and a repair install will be your best bet.
It says it cannot start the service. How would I go about doing a repair install?
But really I would just use a better firewall, as Windows Firewall is not very good.
I recommend “Comodo Firewall Pro”; it includes Defense Plus, which uses HIPS, so you will be VERY safe.
Well, I want to do a repair install just in case and then I will try out Comodo Firewall, but how do I do a repair install?
Just put the disc in and then restart the PC, and on the install there will be “do a repair install”.
Sorry, I don't know where it is; haven't used XP in a while.
Just to let you know, Comodo Firewall will be very annoying for the first few days as it asks you about every single running process, but it's worth it.
Here you go mate,
just follow these steps:
http://michaelstevenstech.com/XPrepairinstall.htm
Thanks to everyone that helped, especially Seanbond; everything is working now. Everything is fine after a repair install; I scanned again to make sure everything is clean, and it is.
No problem mate