
Stuttering on Multiple games-8800 GTX-Includes Hijack log

Discussion in 'Virus & Other Malware Removal' started by Adamperkins, Sep 21, 2007.

  1. Adamperkins

    Hey, I've been encountering stuttering on my graphics card recently on many different games. It occurs even at low resolutions which the 8800 should be able to technically spank. My specs are:

    AMD Athlon 64 FX 60 dual core (2.61 GHz)
    2GB RAM
    Previously mentioned GeForce 8800 GTX 768 MB
    Mainboard ASUS A8N-SLI DELUXE

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:52 PM, on 9/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundl32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lExplore.exe
    C:\WINDOWS\system32\System32i.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ALIENWARE\My Documents\HiJackThis.exe
    C:\Program Files\HijackThis\HiJackThis.exe
    c:\program files\aim6\anotify.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [MSUpdater] System32i.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
    O4 - HKLM\..\RunServices: [MSUpdater] System32i.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\rundl32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190336086187
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 10393 bytes


    Hope this helps, please respond!
     
  2. MFDnNC

    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/

    ===============
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    ===================

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :


    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    =====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others as they were.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me regardless of what it finds with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. Adamperkins

    Heh. A lot of logs to post.

    SDFix: Version 1.106

    Run by ALIENWARE on Fri 09/21/2007 at 03:15 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\KDGEP.EXE - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
    "C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARMPDemo.exe"="C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARMPDemo.exe:*:Enabled:FEARMPDemo"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
    "C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR"
    "C:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"="C:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe:*:Enabled:FEARXP"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\ALIENWARE\Shared\Assault That *** 12 XXX [DVDRIP][Anal][www.sexotorrent.com]\Thumbs.db
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL0003.tmp
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL0005.tmp
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL1127.tmp
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL1678.tmp
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL1846.tmp
    C:\Documents and Settings\ALIENWARE\My Documents\~WRL2365.tmp
    C:\WINDOWS\SoftwareDistribution\Download\2f4f0263deb56b2d77b536cc60a04791\BIT86.tmp

    Finished!

    ====================================

    Code:
    2004-01-15 07:01      53299    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
    2004-05-14 11:30      61440    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wanpacket.dll.vir
    2004-05-14 11:30      81920    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
    2004-05-14 11:37      32896    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
    2004-05-14 13:02      225280    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
    2007-07-08 21:23      15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
    2007-09-21 15:29      1212    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.dat
    2007-09-21 15:29      2418    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.dat
    2007-09-21 15:29      29328    --a------    C:\Qoobox\Quarantine\Registry_backups\winlogon.reg.dat
    
    
    Folder PATH listing
    Volume serial number is 6C4C-B1B5
    C:\QOOBOX\QUARANTINE
    +---C
    |   +---ComboFix
    |   |       FProps.vbs.vir
    |   |       
    |   \---WINDOWS
    |       \---system32
    |           |   packet.dll.vir
    |           |   pthreadVC.dll.vir
    |           |   wanpacket.dll.vir
    |           |   wpcap.dll.vir
    |           |   
    |           \---drivers
    |                   npf.sys.vir
    |                   
    \---Registry_backups
            LEGACY_NPF.reg.dat
            services_NPF.reg.dat
            winlogon.reg.dat
            
    
    ComboFix 07-09-21.2 - "ALIENWARE" 2007-09-21 15:28:43.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT -7:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
    .

    2007-09-21 15:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-21 15:15 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-09-20 20:04 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-09-20 20:03 <DIR> d-------- C:\NVIDIA
    2007-09-20 17:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-09-19 22:12 <DIR> d-------- C:\Program Files\SpeedFan
    2007-09-17 19:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-09-17 19:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-17 19:59 22,328 --a------ C:\DOCUME~1\ALIENW~1\APPLIC~1\PnkBstrK.sys
    2007-09-17 19:59 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-17 19:59 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-09-17 19:57 <DIR> d-------- C:\Program Files\id Software
    2007-09-17 17:27 <DIR> d-------- C:\Program Files\BitTyrant
    2007-09-16 14:53 <DIR> d-------- C:\Program Files\YouTube Downloader
    2007-09-16 14:04 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2007-09-16 14:03 <DIR> d-------- C:\temp\ext34942
    2007-09-16 14:03 <DIR> d-------- C:\temp
    2007-09-16 13:55 <DIR> d-------- C:\Program Files\Siber Systems
    2007-09-16 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    2007-09-16 13:53 <DIR> d-------- C:\Program Files\Digital Locker Assistant
    2007-09-16 13:49 <DIR> d-------- C:\Program Files\IEForge
    2007-09-10 15:07 <DIR> d-------- C:\Program Files\SySpeed
    2007-09-10 15:07 <DIR> d-------- C:\Program Files\Symantec
    2007-09-10 15:07 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
    2007-09-09 19:03 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor(2)
    2007-08-30 08:51 <DIR> d-------- C:\WINDOWS\system32\oodag
    2007-08-30 07:38 <DIR> d-------- C:\Program Files\OO Software
    2007-08-29 22:56 <DIR> d-------- C:\Program Files\Lavasoft
    2007-08-29 22:56 <DIR> d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\Lavasoft
    2007-08-29 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-27 16:15 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
    2007-08-27 16:15 <DIR> d-------- C:\Program Files\AMD
    2007-08-27 16:08 <DIR> d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\Bioshock
    2007-08-27 15:54 <DIR> d-------- C:\Program Files\2K Games
    2007-08-27 15:53 <DIR> d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\InstallShield
    2007-08-27 15:03 <DIR> d-------- C:\Program Files\Driver Cleaner PE
    2007-08-26 16:31 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2007-08-26 16:31 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-08-26 16:31 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2007-08-26 16:31 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-08-24 20:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2007-08-24 20:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2007-08-24 20:45 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2007-08-24 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2007-08-24 20:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-08-24 16:50 33 --a------ C:\WINDOWS\Bioshock Patcher.bat
    2007-08-24 16:50 2,403,096 --a------ C:\WINDOWS\infinst_autol.exe
    2007-08-24 12:31 <DIR> d-------- C:\WINDOWS\nview
    2007-08-23 21:52 <DIR> d-------- C:\Program Files\CapCom
    2007-08-23 20:09 <DIR> d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\vlc
    2007-08-23 20:08 413,760 --a------ C:\WINDOWS\system32\MPG4c32.dll
    2007-08-23 20:04 <DIR> d-------- C:\Program Files\VideoLAN
    2007-08-23 19:51 <DIR> d-------- C:\Program Files\Boilsoft ASF Converter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-21 15:09 --------- d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\Azureus
    2007-09-21 14:32 --------- d-------- C:\Program Files\Ruckus Buck's Dangerous Mines
    2007-09-21 14:32 --------- d-------- C:\Program Files\MAIET
    2007-09-21 14:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-21 14:31 --------- d-------- C:\Program Files\Sierra
    2007-09-21 14:00 --------- d-------- C:\Program Files\MineSweeper3D
    2007-09-17 17:29 --------- d-------- C:\Program Files\Azureus
    2007-09-17 17:17 --------- d-------- C:\Program Files\Electronic Arts
    2007-09-16 15:51 --------- d-------- C:\Program Files\Warcraft III
    2007-09-11 22:28 6852864 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-09-08 16:33 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-08 16:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-08-29 22:42 --------- d-------- C:\Program Files\Norton 360
    2007-08-28 16:34 --------- d-------- C:\Program Files\World of Warcraft
    2007-08-26 18:52 --------- d-------- C:\Program Files\ReaConverter 4.0 Pro
    2007-08-26 17:15 --------- d-------- C:\Program Files\THQ
    2007-08-26 17:14 --------- d-------- C:\Program Files\Screenshot Utility
    2007-08-26 17:12 --------- d-------- C:\Program Files\Microsoft Games
    2007-08-26 17:12 --------- d-------- C:\Program Files\Common Files\Ahead
    2007-08-26 17:06 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-26 17:05 --------- d-------- C:\Program Files\AGEIA Technologies
    2007-08-25 22:01 --------- d-------- C:\Program Files\ABC Amber Image Converter
    2007-08-23 21:52 --------- d-------- C:\Program Files\Ubisoft
    2007-08-23 19:57 --------- d-------- C:\Program Files\Da3d
    2007-08-23 19:57 --------- d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\Da3d
    2007-08-21 12:28 --------- d-------- C:\Program Files\Doom 3
    2007-08-14 20:14 --------- d-------- C:\Program Files\CursorXP
    2007-08-14 19:24 --------- d-------- C:\Program Files\Codemasters
    2007-08-13 17:18 --------- d-------- C:\DOCUME~1\ALIENW~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-08-11 19:36 --------- d-------- C:\Program Files\iTunes
    2007-08-11 19:36 --------- d-------- C:\Program Files\iPod
    2007-08-11 19:35 --------- d-------- C:\Program Files\QuickTime
    2007-08-11 19:33 --------- d-------- C:\Program Files\Common Files\Apple
    2007-08-11 19:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-08-07 21:01 --------- d-------- C:\Program Files\PFConfig
    2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "AIM Sniffer"="" []
    "PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-06-24 10:21]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
    "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-11 22:28]
    "nwiz"="nwiz.exe" [2007-09-11 22:28 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-11 22:28]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 14:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="" []
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-09-16 13:55]

    C:\DOCUME~1\ALIENW~1\STARTM~1\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-06-23 20:21:02]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ALIENWARE^Start Menu^Programs^Startup^Alienware Dock.lnk]
    backup=C:\WINDOWS\pss\Alienware Dock.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    R2 WUSB54GSSVC;WUSB54GSSVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe"
    R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    R3 athena;athena;C:\WINDOWS\system32\DRIVERS\athena.sys
    S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\C:\Program Files\Ufasoft\IcqSnif\usft_sn4.sys
    S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
    S3 XDva006;XDva006;\??\C:\WINDOWS\system32\XDva006.sys
    S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\BSAutoRun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0706-D0C0-DF53-B7E4-CC62C00195D0}]
    C:\WINDOWS\system32\rundl32.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-08 23:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-21 15:32:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-21 15:33:31 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-21 15:33
    .
    --- E O F ---
     
  4. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    Not done... SAS log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/21/2007 at 04:14 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3310
    Trace Rules Database Version: 1314

    Scan type : Complete Scan
    Total Scan Time : 00:37:05

    Memory items scanned : 448
    Memory threats detected : 0
    Registry items scanned : 5900
    Registry threats detected : 0
    File items scanned : 45870
    File threats detected : 55

    Adware.Tracking Cookie

    Adware.WhenU
    C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

    Trojan.Downloader-Gen/Suspicious
    C:\PROGRAM FILES\OO SOFTWARE\DEFRAG PROFESSIONAL\O&O.DEFRAG.V10.0.BUILD.1634.PATCH-MCCJ.EXE
     
  5. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    That's it.. heh... hope you can decipher that
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Heh a lot of problems to fix!


    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries

    Empty the recycle bin
    =============

    You still have the Superantispyware portion to do
     
  7. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    No, I did the SUPERAntiSpyware part, I posted it separately
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do easy cleaner and I need a new hijack log
     
  9. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    Right you are, forgot about that hijack log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:13, on 2007-09-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iTunes\iTunes.exe
    c:\program files\aim6\anotify.exe
    C:\Program Files\HijackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190336086187
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 11047 bytes
     
  10. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    I've done Easycleaner just now (there's no log for that right?)
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  12. Adamperkins

    Adamperkins Thread Starter

    Joined:
    Sep 9, 2007
    Messages:
    25
    I'm happy to say you seem to have completely healed my system. I am in debt.
     
Short URL to this thread: https://techguy.org/627186
