Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

graphicpipeline (again)

Started by Gavi , Apr 14 2007 06:05 PM

  • Please log in to reply

#1
Gavi
Posted 14 April 2007 - 06:05 PM

Gavi

    New Member

  • Member
  • Pip
  • 1 posts
I have tried to follow the directions posted in the forums but I'm still having trouble. I have downloaded HJT, but the virus closes it as soon as it opens. I have downloaded ComboFix and have the log. Could someone please tell me how to deal with graphicpipeline? I don't understand much about this.
thanks.
Here's the log from ComboFix:

"user" - 07-04-14 19:43:12 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Program Files"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ardstsoiwc\winlogon.exe
C:\WINDOWS\system32\ardstsoiwc\winlogon.ini
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\install.log
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))
2007-04-14 19:42 1,171,910 --a------ C:\Program Files\ComboFix.exe
2007-04-14 19:34 488,144 --a------ C:\Program Files\HJTSetup.exe
2007-04-12 15:53 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-12 15:52 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-12 15:48 18,040,176 --a------ C:\Program Files\Install_Messenger_nous.exe
2007-04-12 15:48 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-04-11 18:31 14,764,808 --a------ C:\Program Files\DivXInstaller.exe
2007-04-11 18:20 <DIR> d--hs---- C:\WINDOWS\system32\ardstsoiwc
2007-04-11 18:20 <DIR> d-------- C:\Program Files\LimeWire
2007-04-11 18:16 359,112 --a------ C:\Program Files\LimeWireWin.exe
2007-04-09 21:03 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-09 21:02 <DIR> d-------- C:\Program Files\Real
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-11 18:37 10240 --ahs---- C:\Program Files\thumbs.db
2007-04-11 18:25 360576 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-04-09 21:07 7497 --a------ C:\WINDOWS\mozver.dat
2007-03-22 20:34 185628 --a------ C:\Program Files\imgp1700.jpg
2007-03-17 09:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:48 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:48 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:48 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:49 1843968 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"nlpo_01"=hex(2):63,6d,64,2e,65,78,65,20,2f,63,20,6d,64,20,22,25,55,53,45,52,\
50,52,4f,46,49,4c,45,25,5c,4c,6f,63,61,6c,20,53,65,74,74,69,6e,67,73,5c,54,\
65,6d,70,22,00
"nlpo_02"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,\
6e,66,2c,6e,4c,69,74,65,52,65,67,00
"nlpo_03"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,\
6e,66,2c,53,00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_USNJSVC


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - user.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 19:48:24
C:\ComboFix-quarantined-files.txt ... 07-04-14 19:48
  • 0

Advertisements

#2
Titan8990
Posted 14 April 2007 - 10:06 PM

Titan8990

    Member

  • Member
  • PipPipPipPipPip
  • 2,189 posts
This is the wrong forum. This is what you are looking for: http://www.geekstogo...o_Here-f37.html.

They like to start with a HiJackThis log first though.
  • 0
Back to Hardware, Components and Peripherals · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Hardware
  3. Hardware, Components and Peripherals

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP