What kind of file is this

[FFactory0x]

C:\WINDOWS\System32\lzgwuot.exe

c:\windows\temp\nLvAXSP.exe

%systemroot%\system32\dumprep 0 -k

None of them arein task mgr but they all are in my msconfig startup and in regedit under hklm windows/run

Also getting error loading bridge.dll at startup

 

[dbk]

Don't know the first two, but I get that last one sometimes after I crash.. memory dump?

 

I would do the hijackthis thing if i were you (but then again, i'm paranoid)

 

[sillymofo]

Most likely worms or trojans renaming themselves. Kill them, because I'm sure you didn't install them.

 

[FFactory0x]

can i postit for ya

BTW nothing picks up the first 2

 

[isekii]

C:\WINDOWS\System32\Pwns\FFactory0x.exe

😀

You haven't happen to come across this file yet have you ?

 

[FFactory0x]

aw man. You got me so good.
😀

 

[sillymofo]

Ofcourse nothing will pick them up, once they're in your system, you're fux0r.

EDIT: Try running AVG or Hi-Jack This, it might identify the virus for you.

 

[FFactory0x]

hers the log
Logfile of HijackThis v1.97.7
Scan saved at 12:24:36 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rage3DTweak\RegTwk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\rage3dtweak\gameutil.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Progs2\aim\aim.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hijack\Desktop\spyware\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.anandtech.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://forums.anandtech.com/
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktine\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nLvAXSP] c:\windows\temp\nLvAXSP.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gplpfxmcmttc] C:\WINDOWS\System32\lzgwuot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/201254bd666aa2a1bb16/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4285/mcfscan.cab

 

[Crucial]

I absolutely hate that program. It does nothing but clog up google searches for program names.

 

[FFactory0x]

this person from another site said there all spyware

even dumprep 0 -k

 

[yukichigai]

Any program stored in a folder called "temp" that loads on every boot of the computer isn't something legit. Certainly some form of malware.

Get CWShredder, run Spybot and AdAware.

 

[Crucial]

Originally posted by: yukichigai
Any program stored in a folder called "temp" that loads on every boot of the computer isn't something legit. Certainly some form of malware.

Get CWShredder, run Spybot and AdAware.

:thumbsup: This combo will almost always fix any spyware issue.

 

[Platypus]

There's nothing spyware about dumprep 0 -k, however check your system event viewer, it's usually a sign something is crapping out

 

[Kelemvor]

bridge is spyware. use Spybot, it will remove it. The rest are also spyware. I'd try the old Hijack This and post it to one of the spyware forums and find out what to remove.

 

[FFactory0x]

nope. They dont pick any of them up. Its odd. Check out my hijack log though.
Also
i checked event veiwer
The AVG6 Service service terminated unexpectedly. It has done this 1 time(s).

thats the only x i see but theres at least 2 of these errors evey day fro what it looks like. HMmm

 

[FFactory0x]

just went into services and disabled the avg service which was set to automatic

 

[Platypus]

That would explain the memory dump.

 

post the log over in the hijackthis forum if you haven't already.

 

[sillymofo]

Reg edit:

HKLM > Software > Microsoft > Windows > Current Version > Run/Run Once/RunEX and delete anything that you don't recognize.

HKCU > Software > Microsoft > Windows > Current Version > Run/Run Once/RunEX also.

Also look for any suspicious keys in Current Version and delete them (back up first)