
What kind of file is this

FFactory0x

Diamond Member
C:\WINDOWS\System32\lzgwuot.exe

c:\windows\temp\nLvAXSP.exe

%systemroot%\system32\dumprep 0 -k

None of them are in task mgr, but they all are in my msconfig startup and in regedit under hklm windows/run

Also getting error loading bridge.dll at startup
 
Don't know the first two, but I get that last one sometimes after I crash.. memory dump?
 
I would do the hijackthis thing if I were you (but then again, I'm paranoid)
 
Of course nothing will pick them up, once they're in your system, you're fux0r.

EDIT: Try running AVG or Hi-Jack This, it might identify the virus for you.
 
Here's the log
Logfile of HijackThis v1.97.7
Scan saved at 12:24:36 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rage3DTweak\RegTwk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\rage3dtweak\gameutil.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Progs2\aim\aim.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hijack\Desktop\spyware\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.anandtech.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://forums.anandtech.com/
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktine\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nLvAXSP] c:\windows\temp\nLvAXSP.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gplpfxmcmttc] C:\WINDOWS\System32\lzgwuot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/201254bd666aa2a1bb16/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4285/mcfscan.cab
 
Any program stored in a folder called "temp" that loads on every boot of the computer isn't something legit. Certainly some form of malware.

Get CWShredder, run Spybot and AdAware.
 
Originally posted by: yukichigai
Any program stored in a folder called "temp" that loads on every boot of the computer isn't something legit. Certainly some form of malware.

Get CWShredder, run Spybot and AdAware.

:thumbsup: This combo will almost always fix any spyware issue.
 
There's nothing spyware about dumprep 0 -k; however, check your system event viewer. It's usually a sign something is crapping out.
 
bridge is spyware. Use Spybot, it will remove it. The rest are also spyware. I'd try the old Hijack This and post it to one of the spyware forums and find out what to remove.
 
Nope. They don't pick any of them up. It's odd. Check out my hijack log though.
Also
I checked Event Viewer:
The AVG6 Service service terminated unexpectedly. It has done this 1 time(s).

That's the only x I see, but there's at least 2 of these errors every day from what it looks like. Hmm
 
Reg edit:

HKLM > Software > Microsoft > Windows > Current Version > Run/Run Once/RunEX and delete anything that you don't recognize.

HKCU > Software > Microsoft > Windows > Current Version > Run/Run Once/RunEX also.

Also look for any suspicious keys in Current Version and delete them (back up first)
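
Added example, not written by any poster in this thread and not part of HijackThis: a small Python parser that applies the "autorun from a temp folder" rule from the replies above to O4 Run lines copied from the posted log. The function names are made up for illustration, and the script only reports; every other entry still needs manual review.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [nLvAXSP] c:\windows\temp\nLvAXSP.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [gplpfxmcmttc] C:\WINDOWS\System32\lzgwuot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Matches registry autoruns only ("O4 - Global Startup" lines are skipped).
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
TEMP_PARTS = {"temp", "tmp", "%temp%", "%tmp%"}
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

def exe_path(command):
    """Extract the executable path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_END.match(command)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split()[0]

def in_temp_dir(path):
    """True if a whole directory component (not a substring) is a temp folder."""
    parts = PureWindowsPath(path).parts[:-1]
    return any(p.lower() in TEMP_PARTS for p in parts)

def temp_autoruns(log_text):
    """Return (hive, value name, exe path) for autoruns launched from temp."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path = exe_path(command)
        if in_temp_dir(path):
            hits.append((hive, name, path))
    return hits

if __name__ == "__main__":
    for hive, name, path in temp_autoruns(SAMPLE_LOG):
        print(f"{hive} Run value [{name}] starts {path} from a temp folder")
```
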
 