Login | Live Chat & Podcast at 1:00PM Eastern on Sunday! |
 Search | |
| |
| Thread Tools |
08-Apr-2009, 06:17 PM
#1 | |||||
 Computer display/audio skipping Lately my computer has begun skipping in audio and the display lags every second or so. It concerns me because it began recently but I can't seem to place what exactly I did immediately before it began or what changes could have caused it. It occurs when I'm listening to music on windows media player, playing games, or watching movies or streaming videos online. It doesn't happen all the time, but when it begins I simply have to wait until it stops by itself. The easiest way I have found to start the skipping is either watching a youtube or other streaming video, or to start a playlist in media player. I have also noticed if it stops while listening to music and I minimize the player window, or switch to the visualizations, it begins skipping again and does not stop. It even effects the movement of the mouse or letter showing up when I type. I ran several registry cleaners, internet security, and spyware/malware programs so I feel like most problems in those areas should be eliminated. The only thing I notice is regular spikes in CPU usage (again every second or so) up to 100%, and sometimes it stays at 100% for a while. I have been trying to solve this problem for over a week now and it seems all the info I have read makes it move faster between skipping, but the problem remains. My computer has not had any problems with these programs before and usually moves pretty fast despite how many windows I have up. I have searched through several forums with people that had similar problems but the ones I saw here seemed to be solved the easiest so I hope someone can help. System Info: Microsoft Windows XP Professional Version 2002 - Service Pack 3 AMD Turion 64 Mobile Technology ML-32 1.79 GHz, 896MB of RAM ACPI Uniprocessor PC ATI MOBILITY RADEON Xpress 200 series Running on an HP Pacillion dv5003cl Notebook PC (Have owned since April 2006) |
| |
08-Apr-2009, 09:35 PM
#2 | ||||||
| Stay away from registry cleaners. They're too aggressive and detect some valid registry entries as invalid. The end result after "cleaning" is some programs no longer working and issues with the operating system. --------------------------------------------------------------- This should've been placed in the "Windows NT/2000/XP" section instead of this section, as there's no indication at this point of an infection. You also didn't post a HijackThis log so we can see what's running in the background and if any obvious infection is present. --------------------------------------------------------------- This is the support and software site for the HP Pavilion dv5003cl laptop. You should save it in your browser favorites/bookmarks list for reference when needed. ---------------------------------------------------------------- This is the current driver for XP for the ATI Radeon Xpress 200M. It's about 3 years newer than the XP driver in the site for that laptop. Updating the graphics driver may solve the display problem. The sound device appears to be Conexant AC-Link Audio. You can confirm that by looking in the sub-menu of "Sound Video And Game Controllers" in the Device Manager. ---------------------------------------------------------------- Last edited by flavallee; 08-Apr-2009 at 09:53 PM.. |
13-Apr-2009, 01:33 AM
#4 | |||||
| I'm bringing this thread back here because in the other section no one was able to help me. I have had viruses in the past including trojans like virtumonde and Brisv.A but after downloading and scanning with a new virus protection program (ESET Smart Security) I assumed the problems would have been solved. I am pasting a HijackThis log that I ran and attaching an image of my task manager to show the CPU usage trend. I'm not sure what is causing it to be this way but I have heard repeatedly that it is most probably a program trying to access the internet or work in the background. If anyone could help me figure out which program is doing what action or how to control it I'd appreciate it. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:24:49 PM, on 4/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\DNA\btdna.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {CA8C98D9-CE70-4542-80B3-8E838464949E} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: trveqx.dll hfbilt.dll rivllc.dll mganix.dll O20 - Winlogon Notify: byXrPHxW - byXrPHxW.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6386 bytes |
13-Apr-2009, 09:45 AM
#5 | ||||||
| You're using BitTorrent to download "who knows what", so I can see why you would suspect an infection. I'm not a qualified malware expert in this section, so someone else will need to assist you. In the meantime, you should consider downloading and installing SUPERAntiSpyware 4.26.0.1000 and Malwarebytes Anti-Malware 1.36, updating them with the latest definition files, and then doing a full scan with them. --------------------------------------------------------------- |
13-Apr-2009, 02:48 PM
#6 | |||||
| Please read and follow all these instructions very carefully Download ComboFix from Here to your Desktop. **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer** -------------------------------------------------------------------- 1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Close any open browsers and any other programs you might have running Double click on combofix.exe & follow the prompts. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"Please select yes & let it download the files it needs to do this When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns Please do not install any new programs or update anything unless told to do so while we are fixing your problem.
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
14-Apr-2009, 12:35 AM
#7 | |||||
| ComboFix Log ComboFix 09-04-14.01 - Kevin Germain 04/13/2009 22:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.517 [GMT -5:00] Running from: c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Desktop\ComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) FW: ESET Personal firewall *disabled* . ((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))))) . 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ATI 2009-04-14 02:38 . 2009-04-14 02:38 0 ----a-w c:\windows\ativpsrm.bin 2009-04-13 23:53 . 2009-02-25 20:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-04-13 23:48 . 2009-04-13 23:48 -------- d-----w C:\ATI 2009-04-13 17:50 . 2009-04-13 17:50 207520 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\windows\system32\XPSViewer 2009-04-13 17:44 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 -c--a-w c:\windows\system32\dllcache\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 ----a-w c:\windows\system32\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:12 23040 -c--a-w c:\windows\system32\dllcache\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 23040 ----a-w c:\windows\system32\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 -c--a-w c:\windows\system32\dllcache\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 ----a-w c:\windows\system32\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:11 870784 -c--a-w c:\windows\system32\dllcache\ati3d1ag.dll 2009-04-13 05:36 . 2008-04-13 23:11 870784 ----a-w c:\windows\system32\ati3d1ag.dll 2009-04-13 05:35 . 2009-04-13 05:35 10 ----a-w c:\windows\WININIT.INI 2009-04-09 08:08 . 2008-11-01 00:36 873374 ----a-w c:\windows\system32\oem31.inf 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\BVRP Software 2009-04-08 06:14 . 2007-07-27 15:22 201728 ----a-w c:\windows\creator 2009-04-07 22:29 . 2009-04-07 22:29 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-07 22:28 . 2009-04-07 22:28 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Application Data\DivX 2009-04-07 22:24 . 2009-04-07 22:24 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Local Settings\Application Data\Mozilla 2009-04-04 04:02 . 2009-04-14 02:40 -------- d-----w C:\PerfLogs 2009-04-04 03:17 . 2009-04-04 03:17 -------- d--h--w c:\windows\system32\GroupPolicy 2009-04-02 07:43 . 2008-01-07 20:29 352 ---ha-w c:\windows\nod32fixtemdono.reg 2009-04-02 07:40 . 2009-04-02 07:40 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ESET 2009-04-02 05:50 . 2009-04-14 03:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-04-02 02:50 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll 2009-04-02 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-04-01 20:49 . 2009-04-01 20:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2009-03-29 19:42 . 2009-03-29 19:42 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer26580 2009-03-29 09:08 . 2009-03-29 09:11 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer11564 2009-03-29 02:51 . 2009-04-01 07:02 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-03-26 09:48 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll 2009-03-26 09:48 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll 2009-03-26 09:46 . 2006-12-28 19:01 19569 ----a-w c:\windows\003446_.tmp 2009-03-24 17:47 . 2009-03-24 17:47 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET 2009-03-23 03:31 . 2009-04-02 14:36 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ESET 2009-03-23 03:16 . 2009-03-25 03:44 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2009-03-22 11:24 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys 2009-03-22 11:24 . 2008-10-16 01:00 666112 -c----w c:\windows\system32\dllcache\wininet.dll 2009-03-22 11:24 . 2008-10-16 01:00 619520 -c----w c:\windows\system32\dllcache\urlmon.dll 2009-03-22 11:23 . 2008-10-16 01:00 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll 2009-03-22 11:23 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll 2009-03-22 11:23 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-22 11:23 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-22 11:23 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-22 11:22 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-22 11:22 . 2008-12-12 17:01 3067904 -c----w c:\windows\system32\dllcache\mshtml.dll 2009-03-22 11:21 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-03-22 11:21 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-03-22 11:21 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-03-22 11:20 . 2008-06-17 19:02 8461312 -c----w c:\windows\system32\dllcache\shell32.dll 2009-03-22 11:07 . 2009-04-02 07:34 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ESET 2009-03-22 09:03 . 2004-08-27 21:42 35456 ----a-w c:\windows\system32\drivers\HFX10B.tmp 2009-03-22 08:56 . 2005-06-15 10:55 81920 ----a-w c:\windows\system32\SynTPCo2.dll 2009-03-22 08:39 . 2004-08-04 20:00 16896 -c--a-w c:\windows\system32\dllcache\status.dll 2009-03-22 08:38 . 2001-08-18 03:36 38912 -c--a-w c:\windows\system32\dllcache\EXCH_ntfsdrv.dll 2009-03-22 08:37 . 2004-08-04 20:00 9216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll 2009-03-22 08:36 . 2004-08-04 20:00 31744 -c--a-w c:\windows\system32\dllcache\fxsroute.dll 2009-03-22 08:35 . 2004-08-04 20:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll 2009-03-22 08:32 . 2009-03-22 08:32 488 ---ha-r c:\windows\system32\logonui.exe.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\WindowsShell.Manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\sapi.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\nwc.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest 2009-03-22 08:32 . 2004-08-04 20:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe 2009-03-22 07:57 . 2004-08-04 20:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 24661 ----a-w c:\windows\system32\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 ----a-w c:\windows\system32\irclass.dll 2009-03-22 07:56 . 2005-03-21 16:41 7029 -c--a-w c:\windows\system32\dllcache\OEMBIOS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 8574 -c--a-w c:\windows\system32\dllcache\IASNT4.CAT 2009-03-22 07:56 . 2004-08-04 20:00 797189 -c--a-w c:\windows\system32\dllcache\NT5IIS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 399645 -c--a-w c:\windows\system32\dllcache\MAPIMIG.CAT 2009-03-22 07:56 . 2004-08-04 20:00 37484 -c--a-w c:\windows\system32\dllcache\MW770.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13472 -c--a-w c:\windows\system32\dllcache\HPCRDP.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13753 ----a-r c:\windows\SET85.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1086058 ----a-r c:\windows\SET79.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1042903 ----a-r c:\windows\SET76.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-14 03:14 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\DNA 2009-04-14 03:14 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\BitTorrent 2009-04-14 02:54 . 2008-08-15 15:25 -------- d-----w c:\program files\DNA 2009-04-14 02:44 . 2008-08-15 12:35 80120 ----a-w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-13 23:56 . 2009-04-13 23:51 -------- d-----w c:\program files\ATI Technologies 2009-04-13 23:53 . 2005-12-01 09:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-13 17:46 . 2009-04-13 17:46 -------- d-----w c:\program files\Reference Assemblies 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\program files\NetWaiting 2009-04-09 07:57 . 2005-12-01 09:41 -------- d-----w c:\program files\CONEXANT 2009-04-08 06:28 . 2009-04-08 03:04 -------- d-----w c:\program files\CCleaner 2009-04-08 06:14 . 2009-04-08 06:14 -------- d-----w c:\program files\SP36691 2009-04-06 18:59 . 2009-04-02 05:50 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-05 03:43 . 2008-08-15 12:21 96163 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-02 06:58 . 2009-03-22 11:07 -------- d-----w c:\program files\ESET 2009-04-02 03:55 . 2007-04-13 05:38 -------- d-----w c:\program files\Microsoft Games 2009-04-01 20:55 . 2005-12-01 10:18 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-04-01 20:54 . 2008-08-17 05:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2009-04-01 07:02 . 2009-03-29 02:51 -------- d-----w c:\program files\NOS 2009-04-01 04:29 . 2006-04-08 23:38 -------- d-----w c:\program files\Common Files\Adobe 2009-03-28 08:22 . 2009-03-28 08:22 -------- d-----w c:\program files\MSXML 4.0 2009-03-25 03:41 . 2008-08-17 14:46 -------- d-----w c:\program files\DAEMON Tools Pro 2009-03-22 22:45 . 2008-08-17 14:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-03-22 09:00 . 2008-08-15 13:34 215 ----a-w C:\sedinst2.log 2009-03-22 09:00 . 2008-08-15 13:34 161 ----a-w C:\esuxp.log 2009-03-22 08:59 . 2005-12-01 10:12 -------- d-----w c:\program files\InterVideo 2009-03-22 08:57 . 2005-12-01 09:49 -------- d-----w c:\program files\HPQ 2009-03-22 08:56 . 2008-08-15 13:30 167 ----a-w C:\setup.log 2009-03-22 08:56 . 2008-08-15 13:27 191 ----a-w C:\syntp.log 2009-03-22 08:55 . 2008-08-15 13:26 224 ----a-w C:\LAN.log 2009-03-22 08:30 . 2008-08-15 12:18 23312 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-22 08:30 . 2009-03-22 08:29 1071 ----a-w c:\windows\Inf\COM15D.tmp 2009-03-14 19:38 . 2008-08-15 14:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-03-09 10:03 . 2009-03-09 10:03 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys 2009-03-03 17:18 . 2009-03-03 17:18 73728 ----a-w c:\windows\system32\RtNicProp32.dll 2009-02-25 22:58 . 2005-09-27 13:46 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2005-09-27 13:47 325120 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2005-09-27 13:33 3817984 ----a-w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2005-09-27 13:27 2670080 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2005-09-27 12:47 626688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-20 02:12 . 2007-03-13 03:29 -------- d-----w c:\program files\QuickTime 2009-02-16 18:56 . 2008-08-15 13:48 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer 2009-02-16 18:53 . 2009-02-16 18:53 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\Apple Computer 2009-02-16 07:15 . 2009-02-16 07:15 -------- d-----w c:\program files\Apple Software Update 2009-02-16 07:15 . 2009-02-16 07:15 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple 2009-02-09 11:13 . 2004-08-04 20:00 1846784 ----a-w c:\windows\system32\win32k.sys 2009-01-31 17:58 . 2009-01-31 11:45 376 ----a-w C:\VundoFix.txt 2009-01-29 08:46 . 2009-01-29 08:45 90 ----a-w C:\bcmwl5.log 2009-01-29 06:47 . 2008-08-15 14:03 31989 ----a-w C:\DNSP1.LOG 2009-01-29 06:44 . 2008-08-15 14:00 2896 ----a-w C:\sunjava.log 2009-01-29 06:42 . 2008-08-15 13:54 87 ----a-w C:\muvee.log 2009-01-29 06:40 . 2008-08-15 13:53 12460 ----a-w C:\mszone.log 2009-01-29 06:40 . 2008-08-15 13:49 161 ----a-w C:\mscuxp.log 2009-01-29 06:31 . 2008-08-15 13:43 171 ----a-w C:\HSC.log 2009-01-29 06:26 . 2008-08-15 13:38 182 ----a-w C:\Guide.log 2009-01-29 06:13 . 2008-08-15 13:27 33 ----a-w C:\ticrdbus.log 2009-01-28 21:10 . 2009-01-28 21:10 2 ----a-w C:\255908842 2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat 2009-01-25 05:04 . 2009-01-25 05:03 44994 ----a-w c:\windows\system32\fccaAsTn.dll 2009-01-16 09:48 . 2009-01-16 09:50 410984 ----a-w c:\windows\system32\deploytk.dll 2007-01-15 03:08 . 2007-01-15 03:06 6522775 -c--a-w c:\program files\cwasetup.exe 2006-12-12 19:19 . 2006-12-12 19:19 1528 ----a-w c:\program files\main.ini 2006-10-22 19:26 . 2006-10-22 19:26 2002069 ----a-w c:\program files\yahoo_texttwist_tm1-1.exe 2006-10-07 00:25 . 2006-04-10 19:33 36656704 -c--a-w c:\program files\iTunesSetup.exe 2006-10-05 07:10 . 2006-10-05 07:09 23608632 -c--a-w c:\program files\wmp11-windowsxp-x86-enu.exe 2006-09-06 02:47 . 2006-09-06 02:47 774144 -c--a-w c:\program files\RngInterstitial.dll 2006-08-31 00:36 . 2006-08-31 00:36 18552594 -c--a-w c:\program files\klcodec276f.exe 2006-08-31 00:15 . 2006-08-31 00:14 15149416 -c--a-w c:\program files\DivXInstaller.exe 2006-08-05 05:32 . 2006-08-05 05:32 5037072 -c--a-w c:\program files\spybotsd14.exe 2006-06-02 17:20 . 2006-06-02 17:17 15397494 -c--a-w c:\program files\sumo.avi 2006-06-02 04:51 . 2006-06-02 04:51 20738128 ----a-w c:\program files\kevin1.avi 2006-06-02 04:46 . 2006-06-02 04:43 14306708 -c--a-w c:\program files\kevin2.avi 2006-04-28 18:00 . 2006-04-28 18:00 905728 -c--a-w c:\program files\iview398.exe 2006-04-14 19:09 . 2006-04-14 19:07 15557928 -c--a-w c:\program files\DivXPlay.exe 2006-04-11 02:05 . 2006-04-11 02:05 359112 -c--a-w c:\program files\LimeWireWin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-12-09 637232] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 eraserutildrv10910;eraserutildrv10910; [x] S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E] \Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{1e0e59ff-bf23-11dd-9556-0014a56cb782}] \Shell\AutoRun\command - E:\nq0cq.cmd \Shell\explore\Command - E:\nq0cq.cmd \Shell\open\Command - E:\nq0cq.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{203637c7-c73a-11dd-9558-0014a56cb782}] \shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe . Contents of the 'Scheduled Tasks' folder 2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-03-22 c:\windows\Tasks\NSSstub.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-05 05:57] 2009-04-05 c:\windows\Tasks\System Restore.job - c:\windows\system32\Restore\rstrui.exe [2008-08-15 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\Mozilla\Firefox\Profiles\k2jgw538.default\ FF - prefs.js: network.proxy.type - 4 ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-13 22:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?8?7?2??????? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1248) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2144) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: ~,10time:~,-3 ComboFix-quarantined-files.txt 2009-04-14 03:21 ComboFix2.txt 2009-04-14 03:06 Pre-Run: 14,605,201,408 bytes free Post-Run: 14,591,213,568 bytes free Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 287 --- E O F --- 2009-04-02 07:08 |
14-Apr-2009, 12:40 AM
#8 | |||||
| HijackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:25:32 PM, on 4/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\DNA\btdna.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6508 bytes |
14-Apr-2009, 02:24 PM
#9 | |||||
| You appear to have hack/crack to make Eset smart security/NOD32 trial version turn to unpaid for full version if this is so then using a cracked version of an antivirus is no only dangerous but stupid as it leaves you open to massive avenues of attack If this is the case I decline to offer any further assistance because you are using pirated software
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
16-Apr-2009, 04:40 PM
#10 | |||||
| I am sorry. I tried to purchase smart security but when i downloaded it the update fuction wasnt working. When i searched through forums to solve the problem I found the fix/crack that allows downloading updates for people with my same problem, but I didnt think about it being free as well. I have since uninstalled the software (both fix and antivirus program) and i hope u can still help me but I understand if you won't. In case i have added in recent hijackthis an combofix logs below. |
16-Apr-2009, 04:42 PM
#11 | |||||
| Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:17:53 PM, on 4/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe C:\Program Files\DNA\btdna.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6202 bytes |
16-Apr-2009, 04:46 PM
#12 | |||||
| ComboFix 09-04-17.01 - Kevin Germain 04/16/2009 14:22.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.571 [GMT -5:00] Running from: c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 ))))))))))))))))))))))))))))))) . 2009-04-15 19:31 . 2009-04-15 19:44 1374 ----a-w c:\windows\imsins.BAK 2009-04-15 16:59 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-15 16:59 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-15 16:59 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-15 16:59 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-15 16:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 16:59 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 16:59 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-15 16:59 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-15 16:59 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-15 13:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-15 13:49 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-15 13:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ATI 2009-04-14 02:38 . 2009-04-14 02:38 0 ----a-w c:\windows\ativpsrm.bin 2009-04-13 23:53 . 2009-02-25 20:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-04-13 23:48 . 2009-04-13 23:48 -------- d-----w C:\ATI 2009-04-13 17:50 . 2009-04-13 17:50 207520 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\windows\system32\XPSViewer 2009-04-13 17:44 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 -c--a-w c:\windows\system32\dllcache\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 ----a-w c:\windows\system32\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:12 23040 -c--a-w c:\windows\system32\dllcache\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 23040 ----a-w c:\windows\system32\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 -c--a-w c:\windows\system32\dllcache\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 ----a-w c:\windows\system32\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:11 870784 -c--a-w c:\windows\system32\dllcache\ati3d1ag.dll 2009-04-13 05:36 . 2008-04-13 23:11 870784 ----a-w c:\windows\system32\ati3d1ag.dll 2009-04-13 05:35 . 2009-04-13 05:35 10 ----a-w c:\windows\WININIT.INI 2009-04-09 08:08 . 2008-11-01 00:36 873374 ----a-w c:\windows\system32\oem31.inf 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\BVRP Software 2009-04-08 06:14 . 2007-07-27 15:22 201728 ----a-w c:\windows\creator 2009-04-07 22:29 . 2009-04-07 22:29 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-07 22:28 . 2009-04-07 22:28 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Application Data\DivX 2009-04-07 22:24 . 2009-04-07 22:24 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Local Settings\Application Data\Mozilla 2009-04-04 04:02 . 2009-04-14 02:40 -------- d-----w C:\PerfLogs 2009-04-04 03:17 . 2009-04-04 03:17 -------- d--h--w c:\windows\system32\GroupPolicy 2009-04-02 07:40 . 2009-04-02 07:40 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ESET 2009-04-02 05:50 . 2009-04-14 03:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-04-02 02:50 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll 2009-04-02 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-04-01 20:49 . 2009-04-01 20:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2009-03-29 19:42 . 2009-03-29 19:42 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer26580 2009-03-29 09:08 . 2009-03-29 09:11 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer11564 2009-03-29 02:51 . 2009-04-01 07:02 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-03-26 09:48 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll 2009-03-26 09:48 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll 2009-03-26 09:46 . 2006-12-28 19:01 19569 ----a-w c:\windows\003446_.tmp 2009-03-24 17:47 . 2009-03-24 17:47 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET 2009-03-23 03:31 . 2009-04-02 14:36 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ESET 2009-03-23 03:16 . 2009-03-25 03:44 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2009-03-22 11:24 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys 2009-03-22 11:24 . 2009-02-20 08:10 666112 -c----w c:\windows\system32\dllcache\wininet.dll 2009-03-22 11:24 . 2009-02-20 08:10 619520 -c----w c:\windows\system32\dllcache\urlmon.dll 2009-03-22 11:23 . 2009-03-02 23:04 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll 2009-03-22 11:23 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll 2009-03-22 11:23 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-22 11:23 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-22 11:23 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-22 11:22 . 2009-02-08 00:02 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-22 11:22 . 2009-02-20 08:11 3068416 -c----w c:\windows\system32\dllcache\mshtml.dll 2009-03-22 11:21 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-03-22 11:21 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-03-22 11:21 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-03-22 11:20 . 2008-06-17 19:02 8461312 -c----w c:\windows\system32\dllcache\shell32.dll 2009-03-22 11:07 . 2009-04-02 07:34 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ESET 2009-03-22 09:03 . 2004-08-27 21:42 35456 ----a-w c:\windows\system32\drivers\HFX10B.tmp 2009-03-22 08:56 . 2005-06-15 10:55 81920 ----a-w c:\windows\system32\SynTPCo2.dll 2009-03-22 08:39 . 2004-08-04 20:00 16896 -c--a-w c:\windows\system32\dllcache\status.dll 2009-03-22 08:38 . 2001-08-18 03:36 38912 -c--a-w c:\windows\system32\dllcache\EXCH_ntfsdrv.dll 2009-03-22 08:37 . 2004-08-04 20:00 9216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll 2009-03-22 08:36 . 2004-08-04 20:00 31744 -c--a-w c:\windows\system32\dllcache\fxsroute.dll 2009-03-22 08:35 . 2004-08-04 20:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll 2009-03-22 08:32 . 2009-03-22 08:32 488 ---ha-r c:\windows\system32\logonui.exe.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\WindowsShell.Manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\sapi.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\nwc.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest 2009-03-22 08:32 . 2004-08-04 20:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe 2009-03-22 07:57 . 2004-08-04 20:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 24661 ----a-w c:\windows\system32\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 ----a-w c:\windows\system32\irclass.dll 2009-03-22 07:56 . 2005-03-21 16:41 7029 -c--a-w c:\windows\system32\dllcache\OEMBIOS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 8574 -c--a-w c:\windows\system32\dllcache\IASNT4.CAT 2009-03-22 07:56 . 2004-08-04 20:00 797189 -c--a-w c:\windows\system32\dllcache\NT5IIS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 399645 -c--a-w c:\windows\system32\dllcache\MAPIMIG.CAT 2009-03-22 07:56 . 2004-08-04 20:00 37484 -c--a-w c:\windows\system32\dllcache\MW770.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13472 -c--a-w c:\windows\system32\dllcache\HPCRDP.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13753 ----a-r c:\windows\SET85.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1086058 ----a-r c:\windows\SET79.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1042903 ----a-r c:\windows\SET76.tmp 2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-16 19:22 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\DNA 2009-04-16 19:22 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\BitTorrent 2009-04-16 19:12 . 2008-08-15 15:25 -------- d-----w c:\program files\DNA 2009-04-14 02:44 . 2008-08-15 12:35 80120 ----a-w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-13 23:56 . 2009-04-13 23:51 -------- d-----w c:\program files\ATI Technologies 2009-04-13 23:53 . 2005-12-01 09:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-13 17:46 . 2009-04-13 17:46 -------- d-----w c:\program files\Reference Assemblies 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\program files\NetWaiting 2009-04-09 07:57 . 2005-12-01 09:41 -------- d-----w c:\program files\CONEXANT 2009-04-08 06:28 . 2009-04-08 03:04 -------- d-----w c:\program files\CCleaner 2009-04-08 06:14 . 2009-04-08 06:14 -------- d-----w c:\program files\SP36691 2009-04-06 18:59 . 2009-04-02 05:50 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-05 03:43 . 2008-08-15 12:21 96163 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-02 06:58 . 2009-03-22 11:07 -------- d-----w c:\program files\ESET 2009-04-02 03:55 . 2007-04-13 05:38 -------- d-----w c:\program files\Microsoft Games 2009-04-01 20:55 . 2005-12-01 10:18 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-04-01 20:54 . 2008-08-17 05:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2009-04-01 07:02 . 2009-03-29 02:51 -------- d-----w c:\program files\NOS 2009-04-01 04:29 . 2006-04-08 23:38 -------- d-----w c:\program files\Common Files\Adobe 2009-03-28 08:22 . 2009-03-28 08:22 -------- d-----w c:\program files\MSXML 4.0 2009-03-25 03:41 . 2008-08-17 14:46 -------- d-----w c:\program files\DAEMON Tools Pro 2009-03-22 22:45 . 2008-08-17 14:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-03-22 09:00 . 2008-08-15 13:34 215 ----a-w C:\sedinst2.log 2009-03-22 09:00 . 2008-08-15 13:34 161 ----a-w C:\esuxp.log 2009-03-22 08:59 . 2005-12-01 10:12 -------- d-----w c:\program files\InterVideo 2009-03-22 08:57 . 2005-12-01 09:49 -------- d-----w c:\program files\HPQ 2009-03-22 08:56 . 2008-08-15 13:30 167 ----a-w C:\setup.log 2009-03-22 08:56 . 2008-08-15 13:27 191 ----a-w C:\syntp.log 2009-03-22 08:55 . 2008-08-15 13:26 224 ----a-w C:\LAN.log 2009-03-22 08:30 . 2008-08-15 12:18 23312 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-22 08:30 . 2009-03-22 08:29 1071 ----a-w c:\windows\Inf\COM15D.tmp 2009-03-14 19:38 . 2008-08-15 14:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-03-09 10:03 . 2009-03-09 10:03 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys 2009-03-06 14:22 . 2004-08-04 20:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 17:18 . 2009-03-03 17:18 73728 ----a-w c:\windows\system32\RtNicProp32.dll 2009-02-25 22:58 . 2005-09-27 13:46 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2005-09-27 13:47 325120 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2005-09-27 13:33 3817984 ----a-w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2005-09-27 13:27 2670080 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2005-09-27 12:47 626688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-20 08:10 . 2004-08-04 20:00 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2004-08-04 20:00 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-20 02:12 . 2007-03-13 03:29 -------- d-----w c:\program files\QuickTime 2009-02-16 18:56 . 2008-08-15 13:48 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer 2009-02-16 18:53 . 2009-02-16 18:53 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\Apple Computer 2009-02-16 07:15 . 2009-02-16 07:15 -------- d-----w c:\program files\Apple Software Update 2009-02-16 07:15 . 2009-02-16 07:15 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple 2009-02-09 12:10 . 2004-08-04 20:00 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 20:00 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-04 20:00 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 20:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 11:13 . 2004-08-04 20:00 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 00:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 20:00 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-04 20:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2004-08-04 20:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2004-08-04 20:00 56832 ----a-w c:\windows\system32\secur32.dll 2009-01-31 17:58 . 2009-01-31 11:45 376 ----a-w C:\VundoFix.txt 2009-01-29 08:46 . 2009-01-29 08:45 90 ----a-w C:\bcmwl5.log 2009-01-29 06:47 . 2008-08-15 14:03 31989 ----a-w C:\DNSP1.LOG 2009-01-29 06:44 . 2008-08-15 14:00 2896 ----a-w C:\sunjava.log 2009-01-29 06:42 . 2008-08-15 13:54 87 ----a-w C:\muvee.log 2009-01-29 06:40 . 2008-08-15 13:53 12460 ----a-w C:\mszone.log 2009-01-29 06:40 . 2008-08-15 13:49 161 ----a-w C:\mscuxp.log 2009-01-29 06:31 . 2008-08-15 13:43 171 ----a-w C:\HSC.log 2009-01-29 06:26 . 2008-08-15 13:38 182 ----a-w C:\Guide.log 2009-01-29 06:13 . 2008-08-15 13:27 33 ----a-w C:\ticrdbus.log 2009-01-28 21:10 . 2009-01-28 21:10 2 ----a-w C:\255908842 2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat 2009-01-25 05:04 . 2009-01-25 05:03 44994 ----a-w c:\windows\system32\fccaAsTn.dll 2007-01-15 03:08 . 2007-01-15 03:06 6522775 -c--a-w c:\program files\cwasetup.exe 2006-12-12 19:19 . 2006-12-12 19:19 1528 ----a-w c:\program files\main.ini 2006-10-22 19:26 . 2006-10-22 19:26 2002069 ----a-w c:\program files\yahoo_texttwist_tm1-1.exe 2006-10-07 00:25 . 2006-04-10 19:33 36656704 -c--a-w c:\program files\iTunesSetup.exe 2006-10-05 07:10 . 2006-10-05 07:09 23608632 -c--a-w c:\program files\wmp11-windowsxp-x86-enu.exe 2006-09-06 02:47 . 2006-09-06 02:47 774144 -c--a-w c:\program files\RngInterstitial.dll 2006-08-31 00:36 . 2006-08-31 00:36 18552594 -c--a-w c:\program files\klcodec276f.exe 2006-08-31 00:15 . 2006-08-31 00:14 15149416 -c--a-w c:\program files\DivXInstaller.exe 2006-08-05 05:32 . 2006-08-05 05:32 5037072 -c--a-w c:\program files\spybotsd14.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-14_02.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-16 19:09 . 2009-04-16 19:09 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat - 2008-08-16 07:00 . 2007-08-11 02:46 26488 c:\windows\system32\spupdsvc.exe + 2008-08-16 07:00 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe - 2004-08-04 20:00 . 2009-04-13 17:52 72554 c:\windows\system32\perfc009.dat + 2004-08-04 20:00 . 2009-04-15 21:04 72554 c:\windows\system32\perfc009.dat - 2008-08-15 12:17 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll + 2008-08-15 12:17 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll + 2004-08-04 20:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll - 2004-08-04 20:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll + 2008-08-15 12:17 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll - 2008-08-15 12:17 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll + 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2004-08-04 20:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll + 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll + 2004-08-04 20:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll - 2004-08-04 20:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll + 2008-08-15 12:16 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe + 2008-08-15 12:16 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll + 2008-08-15 12:16 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll + 2004-08-04 20:00 . 2009-02-20 08:10 619520 c:\windows\system32\urlmon.dll - 2004-08-04 20:00 . 2008-10-16 01:00 619520 c:\windows\system32\urlmon.dll - 2004-08-04 20:00 . 2009-04-13 17:52 445096 c:\windows\system32\perfh009.dat + 2004-08-04 20:00 . 2009-04-15 21:04 445096 c:\windows\system32\perfh009.dat - 2008-08-15 12:17 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll + 2008-08-15 12:17 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll - 2008-08-15 12:17 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll + 2008-08-15 12:17 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll + 2008-08-15 12:17 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll + 2004-08-04 20:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll - 2004-08-04 20:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll + 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll + 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll + 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll + 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll - 2004-08-04 20:00 . 2008-10-16 01:00 1499136 c:\windows\system32\shdocvw.dll + 2004-08-04 20:00 . 2009-03-02 23:04 1499136 c:\windows\system32\shdocvw.dll + 2004-08-04 20:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll - 2004-08-04 20:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll + 2004-08-04 20:00 . 2009-02-20 08:11 3068416 c:\windows\system32\mshtml.dll - 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll + 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll + 2009-03-22 11:23 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-03-22 11:23 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-03-22 11:23 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-03-22 11:22 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-03-22 11:22 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-03-22 11:23 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2009-03-22 11:23 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-08-20 18:52 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-12-09 637232] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 eraserutildrv10910;eraserutildrv10910; [x] S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E] \Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{1e0e59ff-bf23-11dd-9556-0014a56cb782}] \Shell\AutoRun\command - E:\nq0cq.cmd \Shell\explore\Command - E:\nq0cq.cmd \Shell\open\Command - E:\nq0cq.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{203637c7-c73a-11dd-9558-0014a56cb782}] \shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe . Contents of the 'Scheduled Tasks' folder 2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-03-22 c:\windows\Tasks\NSSstub.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-05 05:57] 2009-04-05 c:\windows\Tasks\System Restore.job - c:\windows\system32\Restore\rstrui.exe [2008-08-15 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\Mozilla\Firefox\Profiles\k2jgw538.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-16 14:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?8?7?2??????? ???B?????????????hLC? ?????? scanning hidden files ... c:\docume~1\KEVING~1.KEV\LOCALS~1\Temp\Perflib_Perfdata_bc0.dat 16384 bytes scan completed successfully hidden files: 1 |
16-Apr-2009, 04:46 PM
#13 | |||||
| ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2840) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-04-16 14:33 ComboFix-quarantined-files.txt 2009-04-16 19:33 ComboFix2.txt 2009-04-14 03:22 ComboFix3.txt 2009-04-14 03:06 Pre-Run: 14,430,085,120 bytes free Post-Run: 14,419,337,216 bytes free Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 359 --- E O F --- 2009-04-15 19:44 |
17-Apr-2009, 04:06 AM
#14 | |||||
| you need an antivirus on it first Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save) Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished Close any open browsers Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.  This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log. Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum reboot if it doesn't do it automatically then try here & see if you have PIO mode enabled instead of DMA http://winhlp.com/node/10 let us know the results
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
19-Apr-2009, 01:38 AM
#15 | |||||
| ComboFix 09-04-19.01 - Kevin Germain 04/18/2009 18:09.4 - NTFSx86 Running from: c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Desktop\CFScript.txt FILE :: c:\windows\Tasks\NSSstub.job c:\windows\Tasks\System Restore.job E:\nq0cq.cmd . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Tasks\NSSstub.job c:\windows\Tasks\System Restore.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_eraserutildrv10910 -------\Service_eraserutildrv10910 ((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 ))))))))))))))))))))))))))))))) . 2009-04-15 19:31 . 2009-04-15 19:44 1374 ----a-w c:\windows\imsins.BAK 2009-04-15 16:59 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-15 16:59 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-15 16:59 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-15 16:59 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-15 16:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 16:59 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 16:59 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-15 16:59 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-15 16:59 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-15 13:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-15 13:49 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-15 13:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ATI 2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ATI 2009-04-14 02:38 . 2009-04-14 02:38 0 ----a-w c:\windows\ativpsrm.bin 2009-04-13 23:53 . 2009-02-25 20:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-04-13 23:48 . 2009-04-13 23:48 -------- d-----w C:\ATI 2009-04-13 17:50 . 2009-04-13 17:50 207520 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\windows\system32\XPSViewer 2009-04-13 17:44 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 -c--a-w c:\windows\system32\dllcache\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:11 32768 ----a-w c:\windows\system32\ativtmxx.dll 2009-04-13 05:36 . 2008-04-13 23:12 23040 -c--a-w c:\windows\system32\dllcache\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 23040 ----a-w c:\windows\system32\ativmvxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 -c--a-w c:\windows\system32\dllcache\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:12 9728 ----a-w c:\windows\system32\ativdaxx.ax 2009-04-13 05:36 . 2008-04-13 23:11 870784 -c--a-w c:\windows\system32\dllcache\ati3d1ag.dll 2009-04-13 05:36 . 2008-04-13 23:11 870784 ----a-w c:\windows\system32\ati3d1ag.dll 2009-04-13 05:35 . 2009-04-13 05:35 10 ----a-w c:\windows\WININIT.INI 2009-04-09 08:08 . 2008-11-01 00:36 873374 ----a-w c:\windows\system32\oem31.inf 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\BVRP Software 2009-04-08 06:14 . 2007-07-27 15:22 201728 ----a-w c:\windows\creator 2009-04-07 22:29 . 2009-04-07 22:29 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-07 22:28 . 2009-04-07 22:28 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Application Data\DivX 2009-04-07 22:24 . 2009-04-07 22:24 -------- d-----w c:\documents and settings\Administrator.KEVIN-DV5003CL\Local Settings\Application Data\Mozilla 2009-04-04 04:02 . 2009-04-14 02:40 -------- d-----w C:\PerfLogs 2009-04-04 03:17 . 2009-04-04 03:17 -------- d--h--w c:\windows\system32\GroupPolicy 2009-04-02 07:40 . 2009-04-02 07:40 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\ESET 2009-04-02 05:50 . 2009-04-14 03:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-04-02 02:50 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll 2009-04-02 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll 2009-04-01 20:49 . 2009-04-01 20:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2009-03-29 19:42 . 2009-03-29 19:42 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer26580 2009-03-29 09:08 . 2009-03-29 09:11 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\Installer11564 2009-03-29 02:51 . 2009-04-01 07:02 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-03-26 09:48 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll 2009-03-26 09:48 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll 2009-03-26 09:46 . 2006-12-28 19:01 19569 ----a-w c:\windows\003446_.tmp 2009-03-24 17:47 . 2009-03-24 17:47 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET 2009-03-23 03:31 . 2009-04-02 14:36 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\ESET 2009-03-23 03:16 . 2009-03-25 03:44 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2009-03-22 11:24 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys 2009-03-22 11:24 . 2009-02-20 08:10 666112 -c----w c:\windows\system32\dllcache\wininet.dll 2009-03-22 11:24 . 2009-02-20 08:10 619520 -c----w c:\windows\system32\dllcache\urlmon.dll 2009-03-22 11:23 . 2009-03-02 23:04 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll 2009-03-22 11:23 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll 2009-03-22 11:23 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-22 11:23 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-22 11:23 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-22 11:22 . 2009-02-08 00:02 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-22 11:22 . 2009-02-20 08:11 3068416 -c----w c:\windows\system32\dllcache\mshtml.dll 2009-03-22 11:21 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys 2009-03-22 11:21 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-03-22 11:21 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys 2009-03-22 11:20 . 2008-06-17 19:02 8461312 -c----w c:\windows\system32\dllcache\shell32.dll 2009-03-22 11:07 . 2009-04-02 07:34 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ESET 2009-03-22 09:03 . 2004-08-27 21:42 35456 ----a-w c:\windows\system32\drivers\HFX10B.tmp 2009-03-22 08:56 . 2005-06-15 10:55 81920 ----a-w c:\windows\system32\SynTPCo2.dll 2009-03-22 08:39 . 2004-08-04 20:00 16896 -c--a-w c:\windows\system32\dllcache\status.dll 2009-03-22 08:38 . 2001-08-18 03:36 38912 -c--a-w c:\windows\system32\dllcache\EXCH_ntfsdrv.dll 2009-03-22 08:37 . 2004-08-04 20:00 9216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll 2009-03-22 08:36 . 2004-08-04 20:00 31744 -c--a-w c:\windows\system32\dllcache\fxsroute.dll 2009-03-22 08:35 . 2004-08-04 20:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll 2009-03-22 08:32 . 2009-03-22 08:32 488 ---ha-r c:\windows\system32\logonui.exe.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\WindowsShell.Manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\sapi.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\nwc.cpl.manifest 2009-03-22 08:32 . 2009-03-22 08:32 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest 2009-03-22 08:32 . 2004-08-04 20:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe 2009-03-22 07:57 . 2004-08-04 20:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 24661 ----a-w c:\windows\system32\spxcoins.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll 2009-03-22 07:57 . 2004-08-04 20:00 13312 ----a-w c:\windows\system32\irclass.dll 2009-03-22 07:56 . 2005-03-21 16:41 7029 -c--a-w c:\windows\system32\dllcache\OEMBIOS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 8574 -c--a-w c:\windows\system32\dllcache\IASNT4.CAT 2009-03-22 07:56 . 2004-08-04 20:00 797189 -c--a-w c:\windows\system32\dllcache\NT5IIS.CAT 2009-03-22 07:56 . 2004-08-04 20:00 399645 -c--a-w c:\windows\system32\dllcache\MAPIMIG.CAT 2009-03-22 07:56 . 2004-08-04 20:00 37484 -c--a-w c:\windows\system32\dllcache\MW770.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13472 -c--a-w c:\windows\system32\dllcache\HPCRDP.CAT 2009-03-22 07:56 . 2004-08-04 20:00 13753 ----a-r c:\windows\SET85.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1086058 ----a-r c:\windows\SET79.tmp 2009-03-22 07:56 . 2004-08-04 20:00 1042903 ----a-r c:\windows\SET76.tmp 2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-18 23:24 . 2008-08-15 15:25 -------- d-----w c:\program files\DNA 2009-04-18 23:24 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\DNA 2009-04-18 23:17 . 2008-08-15 15:25 -------- d-----w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\BitTorrent 2009-04-16 19:42 . 2009-04-16 19:42 29045 ----a-w C:\ComboFix 20090416.txt 2009-04-14 02:44 . 2008-08-15 12:35 80120 ----a-w c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-13 23:56 . 2009-04-13 23:51 -------- d-----w c:\program files\ATI Technologies 2009-04-13 23:53 . 2005-12-01 09:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-13 17:46 . 2009-04-13 17:46 -------- d-----w c:\program files\Reference Assemblies 2009-04-09 07:57 . 2009-04-09 07:57 -------- d-----w c:\program files\NetWaiting 2009-04-09 07:57 . 2005-12-01 09:41 -------- d-----w c:\program files\CONEXANT 2009-04-08 06:28 . 2009-04-08 03:04 -------- d-----w c:\program files\CCleaner 2009-04-08 06:14 . 2009-04-08 06:14 -------- d-----w c:\program files\SP36691 2009-04-06 18:59 . 2009-04-02 05:50 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-05 03:43 . 2008-08-15 12:21 96163 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-02 06:58 . 2009-03-22 11:07 -------- d-----w c:\program files\ESET 2009-04-02 03:55 . 2007-04-13 05:38 -------- d-----w c:\program files\Microsoft Games 2009-04-01 20:55 . 2005-12-01 10:18 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-04-01 20:54 . 2008-08-17 05:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2009-04-01 07:02 . 2009-03-29 02:51 -------- d-----w c:\program files\NOS 2009-04-01 04:29 . 2006-04-08 23:38 -------- d-----w c:\program files\Common Files\Adobe 2009-03-28 08:22 . 2009-03-28 08:22 -------- d-----w c:\program files\MSXML 4.0 2009-03-25 03:41 . 2008-08-17 14:46 -------- d-----w c:\program files\DAEMON Tools Pro 2009-03-22 22:45 . 2008-08-17 14:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-03-22 09:00 . 2008-08-15 13:34 215 ----a-w C:\sedinst2.log 2009-03-22 09:00 . 2008-08-15 13:34 161 ----a-w C:\esuxp.log 2009-03-22 08:59 . 2005-12-01 10:12 -------- d-----w c:\program files\InterVideo 2009-03-22 08:57 . 2005-12-01 09:49 -------- d-----w c:\program files\HPQ 2009-03-22 08:56 . 2008-08-15 13:30 167 ----a-w C:\setup.log 2009-03-22 08:56 . 2008-08-15 13:27 191 ----a-w C:\syntp.log 2009-03-22 08:55 . 2008-08-15 13:26 224 ----a-w C:\LAN.log 2009-03-22 08:30 . 2008-08-15 12:18 23312 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-22 08:30 . 2009-03-22 08:29 1071 ----a-w c:\windows\Inf\COM15D.tmp 2009-03-14 19:38 . 2008-08-15 14:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-03-09 10:03 . 2009-03-09 10:03 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys 2009-03-06 14:22 . 2004-08-04 20:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 17:18 . 2009-03-03 17:18 73728 ----a-w c:\windows\system32\RtNicProp32.dll 2009-02-25 22:58 . 2005-09-27 13:46 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2005-09-27 13:47 325120 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2005-09-27 13:33 3817984 ----a-w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2005-09-27 13:27 2670080 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2005-09-27 12:47 626688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-20 08:10 . 2004-08-04 20:00 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2004-08-04 20:00 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-20 02:12 . 2007-03-13 03:29 -------- d-----w c:\program files\QuickTime 2009-02-09 12:10 . 2004-08-04 20:00 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 20:00 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-04 20:00 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 20:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 11:13 . 2004-08-04 20:00 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 00:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 20:00 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-04 20:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2004-08-04 20:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2004-08-04 20:00 56832 ----a-w c:\windows\system32\secur32.dll 2009-01-31 17:58 . 2009-01-31 11:45 376 ----a-w C:\VundoFix.txt 2009-01-29 08:46 . 2009-01-29 08:45 90 ----a-w C:\bcmwl5.log 2009-01-29 06:47 . 2008-08-15 14:03 31989 ----a-w C:\DNSP1.LOG 2009-01-29 06:44 . 2008-08-15 14:00 2896 ----a-w C:\sunjava.log 2009-01-29 06:42 . 2008-08-15 13:54 87 ----a-w C:\muvee.log 2009-01-29 06:40 . 2008-08-15 13:53 12460 ----a-w C:\mszone.log 2009-01-29 06:40 . 2008-08-15 13:49 161 ----a-w C:\mscuxp.log 2009-01-29 06:31 . 2008-08-15 13:43 171 ----a-w C:\HSC.log 2009-01-29 06:26 . 2008-08-15 13:38 182 ----a-w C:\Guide.log 2009-01-29 06:13 . 2008-08-15 13:27 33 ----a-w C:\ticrdbus.log 2009-01-28 21:10 . 2009-01-28 21:10 2 ----a-w C:\255908842 2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat 2009-01-25 05:04 . 2009-01-25 05:03 44994 ----a-w c:\windows\system32\fccaAsTn.dll 2007-01-15 03:08 . 2007-01-15 03:06 6522775 -c--a-w c:\program files\cwasetup.exe 2006-12-12 19:19 . 2006-12-12 19:19 1528 ----a-w c:\program files\main.ini 2006-10-22 19:26 . 2006-10-22 19:26 2002069 ----a-w c:\program files\yahoo_texttwist_tm1-1.exe 2006-10-07 00:25 . 2006-04-10 19:33 36656704 -c--a-w c:\program files\iTunesSetup.exe 2006-10-05 07:10 . 2006-10-05 07:09 23608632 -c--a-w c:\program files\wmp11-windowsxp-x86-enu.exe 2006-09-06 02:47 . 2006-09-06 02:47 774144 -c--a-w c:\program files\RngInterstitial.dll 2006-08-31 00:36 . 2006-08-31 00:36 18552594 -c--a-w c:\program files\klcodec276f.exe 2006-08-31 00:15 . 2006-08-31 00:14 15149416 -c--a-w c:\program files\DivXInstaller.exe 2006-08-05 05:32 . 2006-08-05 05:32 5037072 -c--a-w c:\program files\spybotsd14.exe 2006-06-02 17:20 . 2006-06-02 17:17 15397494 -c--a-w c:\program files\sumo.avi 2006-06-02 04:51 . 2006-06-02 04:51 20738128 ----a-w c:\program files\kevin1.avi 2006-06-02 04:46 . 2006-06-02 04:43 14306708 -c--a-w c:\program files\kevin2.avi . ((((((((((((((((((((((((((((( SnapShot_2009-04-16_19.29.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-18 23:21 . 2009-04-18 23:21 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-12-09 637232] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E] \Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{b669f91c-18ee-11de-95b1-0014a56cb782}] \Shell\AutoRun\command - D:\setup.exe /autorun \Shell\directx\command - d:\directx\dxsetup.exe \Shell\setup\command - D:\setup.exe . Contents of the 'Scheduled Tasks' folder 2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kevin Germain.KEVIN-DV5003CL\Application Data\Mozilla\Firefox\Profiles\k2jgw538.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-18 18:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?8?7?2??P???? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eraserutildrv10910] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(864) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2044) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\HPQ\Shared\hpqwmi.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-04-18 18:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-18 23:33 ComboFix2.txt 2009-04-16 19:33 ComboFix3.txt 2009-04-14 03:22 ComboFix4.txt 2009-04-14 03:06 Pre-Run: 14,392,553,472 bytes free Post-Run: 14,373,863,424 bytes free Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 323 --- E O F --- 2009-04-15 19:44 |
|
| Tags |
audio, display, lagging, skipping, video  |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 02:14 AM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile