whats wrong with my pc - i have a highjackthis report
shamoo82
Member
22. November 2008 @ 16:21 |
Hello all, can you help me? Something is wrong with my computer. It's Win XP SP3. Basically it's going really slow, can't play music as the songs stick, and even getting the internet up takes about 3-4 mins. I've done all the cleaning from Disk Cleaner and it's only recently been reformatted. Anyway, here's the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:26, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\mondrv411.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\ppcbooster\ppcb_32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Colin\Desktop\SECRUITY\scanner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: DNSLander - {AEBB9A0D-AEB3-4763-A78A-4C09C526BEFA} - C:\Program Files\DNS Lander\DNSLander.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mondrv411] C:\WINDOWS\mondrv411.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SD6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
--
End of file - 6261 bytes
Senior Member
23. November 2008 @ 01:16 |
Hi shamoo82
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
- Click on the tab Settings.
- Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
- Click on the tab Update.
- Press the button Check for Updates.
- Wait for Malwarebytes to be fully updated.
Scanning Time
- Click on the tab Scanner.
- Check Perform full scan and click on Scan.
- Wait for the scan to complete, and then click on Show Results.
- Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
- A text box will pop up after the removal process is over. Post the contents of the text here.
- If no text box pops up, launch Malwarebytes, and click on the tab Logs.
- The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
- Post the log here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

shamoo82
Member
23. November 2008 @ 16:03 |
Here it is; quite worried with the amount of trojans on it:
Malwarebytes' Anti-Malware 1.30
Database version: 1417
Windows 5.1.2600 Service Pack 3
23/11/2008 21:01:57
mbam-log-2008-11-23 (21-01-44).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 92152
Time elapsed: 4 hour(s), 43 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\DNS Lander\DNSLander.dll (Trojan.BHO) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\dnslander.bho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8c9b75d5-4e03-4ad1-951d-5128be30d61d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d0c85e42-acdf-4187-8e62-35adbd53ee82} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d7f153a9-d96c-4dff-bc6c-3c677cb08325} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d0c85e42-acdf-4187-8e62-35adbd53ee82} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\DNS Lander (Trojan.Agent) -> No action taken.
C:\Program Files\iCheck (Trojan.Agent) -> No action taken.
Files Infected:
C:\Program Files\DNS Lander\DNSLander.dll (Trojan.BHO) -> No action taken.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> No action taken.
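As an added example (not code from the thread, HijackThis, Malwarebytes or ComboFix), a small Python triage script that parses the O2/O3/O4 lines of the HijackThis log posted above and cross-references their CLSIDs against the registry keys flagged in this Malwarebytes log, so an entry both tools mention stands out. The "loose exe in the Windows root" check is my own assumption, motivated by the mondrv411 entry; the sample lines are constructed from the two logs.

```python
"""Triage helper for HijackThis and Malwarebytes (MBAM) logs (added example).

Parses HijackThis O2/O3/O4 lines and cross-references their CLSIDs against
the registry keys MBAM flagged, so a BHO both tools mention (here DNSLander)
stands out. The "loose exe in the Windows root" rule is this script's own
assumption, not a rule either tool applies.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name clsid path")

# Constructed sample: a subset of the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DNSLander - {AEBB9A0D-AEB3-4763-A78A-4C09C526BEFA} - C:\Program Files\DNS Lander\DNSLander.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mondrv411] C:\WINDOWS\mondrv411.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: a subset of the MBAM "Registry Keys Infected" section.
MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\CLSID\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> No action taken.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O2/O3 lines: "<kind> - <label>: <name> - {CLSID} - <path>"
O2O3_RE = re.compile(r"^(O[23]) - [^:]+: (.+?) - (\{[^}]+\}) - (.+)$")
# O4 lines: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^(O4) - .*?Run: \[(.+?)\] (.+)$")


def parse_hjt(text):
    """Return Entry objects for O2/O3 (CLSID-bearing) and O4 (autorun) lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2O3_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            entries.append(Entry(kind, name, clsid.upper(), path))
            continue
        m = O4_RE.match(line)
        if m:
            kind, name, cmd = m.groups()
            # Drop surrounding quotes and any trailing switches (e.g. /Q).
            exe = cmd.strip('"').split('" ')[0].split(" /")[0].strip('"')
            entries.append(Entry(kind, name, None, exe))
    return entries


def mbam_clsids(text):
    """Collect every CLSID that appears in an MBAM detection line."""
    return {m.group(0).upper() for m in CLSID_RE.finditer(text)}


def is_loose_in_windows_root(path):
    """Assumed heuristic: an .exe directly under C:\\WINDOWS, not in a subfolder."""
    return re.fullmatch(r"[A-Za-z]:\\WINDOWS\\[^\\]+\.exe", path, re.IGNORECASE) is not None


def triage(hjt_text, mbam_text):
    """Return (kind, name, reason) triples that deserve a second look."""
    flagged = mbam_clsids(mbam_text)
    findings = []
    for e in parse_hjt(hjt_text):
        if e.clsid and e.clsid in flagged:
            findings.append((e.kind, e.name, "CLSID also flagged by MBAM"))
        elif e.kind == "O4" and is_loose_in_windows_root(e.path):
            findings.append((e.kind, e.name, "autorun exe directly in Windows root"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{kind:3} {name:<12} {reason}")
```

Run against the full logs, the same two entries surface: the DNSLander BHO (its CLSID appears in both logs) and the mondrv411 autorun, which ComboFix later removed as an orphan.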
Senior Member
23. November 2008 @ 22:22 |
Hey shamoo82
Did you remove everything with Malwarebytes?
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
- Run Combo-Fix.exe and follow the prompts.
- Accept the End-User License Agreement.
- Allow the Recovery Console to be installed.
- When you see the window below, click on Yes.

- When the Recovery Console has been installed, click on Yes to start the scan.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be fully completed.
- If it requires a reboot, please do so.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D
shamoo82
Member
25. November 2008 @ 08:34 |
Thanks cdavfrew, so far the comp is running much better but still the sound is sticky. Maybe my sound driver is wrong or something? Anyway, here's the log:
ComboFix 08-11-24.03 - Colin 2008-11-25 13:25:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.517 [GMT 0:00]
Running from: c:\documents and settings\Colin\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Colin\Start Menu\Programs\Startup\ppcb_32.lnk
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\cor704836.exe
c:\windows\ee3362.exe
c:\windows\eo4.exe
c:\windows\h288.exe
c:\windows\j414.exe
c:\windows\lik02.exe
c:\windows\mondrv411.exe
c:\windows\nc605007.exe
c:\windows\tj85.exe
c:\windows\tjyvb346054.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\documents and settings\Colin\Application Data\Malwarebytes
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 15:32 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 15:32 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 17:49 . 2008-11-20 17:50 <DIR> d-------- c:\program files\Realtek AC97
2008-11-20 12:21 . 2008-11-20 13:00 <DIR> d--h----- C:\LG3G
2008-11-20 12:21 . 2008-11-20 12:21 <DIR> d-------- c:\documents and settings\Colin\Application Data\LG Electronics
2008-11-20 12:19 . 2008-11-20 12:19 <DIR> d-------- c:\program files\LG Electronics
2008-11-20 12:19 . 2007-12-27 11:17 21,760 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-11-20 12:19 . 2007-12-27 11:14 19,968 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-11-20 12:19 . 2007-12-27 11:15 12,672 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-11-20 12:16 . 2008-11-20 12:18 <DIR> d-------- c:\program files\LG PC Suite 2
2008-11-19 21:04 . 2008-11-19 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-19 21:03 . 2008-11-19 21:03 <DIR> d-------- c:\program files\Yahoo!
2008-11-19 21:03 . 2008-11-19 21:04 <DIR> d-------- c:\program files\CCleaner
2008-11-17 15:59 . 2008-11-17 15:59 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-17 15:57 . 2008-11-17 15:57 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-17 15:57 . 2008-11-17 15:58 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-12 19:16 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:45 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 19:43 . 2008-11-06 19:43 0 --a------ c:\windows\ativpsrm.bin
2008-11-06 19:40 . 2008-11-06 19:40 <DIR> d-------- C:\ATI
2008-11-06 18:30 . 2008-11-06 18:30 <DIR> d-------- c:\windows\Sun
2008-11-06 16:40 . 2008-11-06 16:40 <DIR> d-------- c:\program files\uTorrent
2008-11-06 16:40 . 2008-11-06 16:49 <DIR> d-------- c:\documents and settings\Colin\Application Data\uTorrent
2008-11-06 16:36 . 2008-11-18 12:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-06 16:29 . 2008-11-06 16:46 <DIR> d-------- c:\program files\RegCure
2008-10-31 17:04 . 2008-10-31 17:04 <DIR> d-------- c:\program files\ffdshow
2008-10-31 17:02 . 2008-04-14 00:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-31 16:50 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-31 16:43 . 2008-10-31 16:43 <DIR> d-------- c:\documents and settings\Colin\Incomplete
2008-10-31 16:43 . 2008-11-06 16:39 <DIR> d-------- c:\documents and settings\Colin\.limewire
2008-10-31 16:40 . 2008-10-31 16:50 <DIR> d-------- c:\program files\Java
2008-10-31 16:40 . 2008-10-31 16:40 <DIR> d-------- c:\program files\Common Files\Java
2008-10-26 19:48 . 2008-10-26 19:48 <DIR> d-------- c:\documents and settings\Colin\Application Data\ImgBurn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 05:15 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-21 22:44 --------- d-----w c:\documents and settings\Colin\Application Data\RipIt4Me
2008-11-20 12:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 20:55 --------- d-----w c:\program files\SpeedFan
2008-11-06 16:36 --------- d-----w c:\documents and settings\Colin\Application Data\AVGTOOLBAR
2008-11-01 11:07 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-24 15:39 --------- d-----w c:\documents and settings\Colin\Application Data\Sports Interactive
2008-10-24 15:38 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 15:38 --------- d--h--r c:\documents and settings\Colin\Application Data\SecuROM
2008-10-24 15:32 --------- d--h--w c:\program files\Zero G Registry
2008-10-24 15:32 --------- d-----w c:\program files\Sports Interactive
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 19:41 --------- d-----w c:\documents and settings\Colin\Application Data\EPSON
2008-10-22 19:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-22 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2008-10-22 19:17 --------- d-----w c:\program files\epson
2008-10-22 19:10 --------- d-----w c:\documents and settings\Colin\Application Data\InstallShield
2008-10-22 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-10-22 18:44 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-22 18:44 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-22 18:44 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-22 18:44 --------- d-----w c:\program files\AVG
2008-10-22 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-22 18:30 --------- d-----w c:\program files\MSBuild
2008-10-22 18:30 --------- d-----w c:\program files\Microsoft.NET
2008-10-22 18:29 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-21 17:30 --------- d-----w c:\program files\ImgBurn
2008-10-21 16:44 --------- d-----w c:\program files\DVD Shrink
2008-10-21 16:43 --------- d-----w c:\program files\DVDCoverPrint
2008-10-21 16:43 --------- d-----w c:\program files\DVD Decrypter
2008-10-21 16:41 --------- d-----w c:\program files\Common Files\Adobe
2008-10-21 16:11 --------- d-----w c:\program files\VIA
2008-10-21 16:09 --------- d-----w c:\program files\Realtek Sound Manager
2008-10-21 16:09 --------- d-----w c:\program files\AvRack
2008-10-21 15:56 --------- d-----w c:\documents and settings\Colin\Application Data\ATI
2008-10-21 15:51 --------- d-----w c:\program files\ATI Technologies
2008-10-21 15:50 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-10-21 15:21 --------- d-----w c:\program files\Spyware Doctor
2008-10-21 15:20 --------- d-----w c:\documents and settings\Colin\Application Data\PC Tools
2008-10-21 15:19 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-21 15:19 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-21 05:41 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-23 21:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-11 960000]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-01-11 960000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-21 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-10-21 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-10-21 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-22 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-22 76040]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-11-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-mondrv411 - c:\windows\mondrv411.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\uxt8odsm.default\
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 13:27:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-11-25 13:28:38
ComboFix-quarantined-files.txt 2008-11-25 13:28:36
Pre-Run: 162,358,251,520 bytes free
Post-Run: 166,274,121,728 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Senior Member
26. November 2008 @ 04:22 |
Hey shamoo82
Your logs are clean. Yes, I suppose you can try reinstalling your sound driver to see if that fixes your sound problem.
I would also like you to find this folder C:\Qoobox, zip it up, and then upload it to http://www.uploadmalware.com/
Best Regards :D
shamoo82
Member
26. November 2008 @ 13:40 |
Thanks cdavfrew, you've been a great help. Cheers!!!!!
Senior Member
27. November 2008 @ 09:27 |
You're welcome, shamoo. :)