Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Add Pop Ups And Slow Games


  • This topic is locked This topic is locked
5 replies to this topic

#1 Rex2

Rex2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 AM

Posted 18 April 2008 - 05:00 AM

A few days ago I started getting notifications from my anti virus and spyware removal programs about some infected files. At the same time I noticed that games responded slower while friends say it runs normally for them. I have taken care of some of the problems but I still cant resolve the slow performance or the advertisement pop ups.

It says i dont have recovery console installed and was wondering if system restore works or do I need another program?

Here is the log from combo fix:


ComboFix 08-04-16.5 - Jesus Roman 2008-04-18 1:08:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.369 [GMT -7:00]
Running from: C:\Documents and Settings\Jesus Roman\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jesus Roman\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Program Files\Temporary
C:\WINDOWS\b138.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\suxwvvut.ini
C:\WINDOWS\system32\suxwvvut.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 00:07 . 2008-04-18 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-17 20:21 . 2008-04-17 20:25 166 --a------ C:\WINDOWS\wininit.ini
2008-04-17 18:29 . 2008-04-17 18:22 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-17 18:29 . 2008-04-17 18:29 2,548 --a------ C:\WINDOWS\unins000.dat
2008-04-17 18:15 . 2008-04-17 18:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 18:15 . 2008-04-17 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 23:51 . 2008-04-16 23:51 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-16 23:51 . 2008-04-16 23:53 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-15 23:19 . 2008-04-15 23:19 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-15 23:00 . 2008-04-15 23:00 30,760 --a------ C:\WINDOWS\system32\hlunuwoa.exe
2008-04-15 22:36 . 2008-04-15 22:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-15 17:12 . 2008-04-18 01:24 <DIR> d-------- C:\Program Files\Twain
2008-04-15 02:15 . 2008-04-15 02:15 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-13 23:53 . 2008-04-13 23:53 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-04-13 17:22 . 2008-04-13 17:27 141,612 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-04-13 17:21 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-13 17:21 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-12 21:56 . 2008-04-12 21:56 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\Apple Computer
2008-04-12 20:44 . 2008-04-17 12:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-12 20:44 . 2008-04-12 20:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 20:35 . 2008-04-12 20:36 <DIR> d-------- C:\Program Files\QuickTime
2008-04-12 20:35 . 2008-04-12 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-12 20:34 . 2008-04-12 20:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-12 20:34 . 2008-04-12 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-12 04:32 . 2008-04-12 04:32 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\Corel
2008-04-12 04:26 . 2008-04-12 04:26 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-04-12 03:31 . 2008-04-12 03:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-12 03:31 . 2008-04-12 03:31 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-04-12 03:30 . 2008-04-12 03:30 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-12 03:29 . 2004-07-10 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-12 03:29 . 2004-07-10 19:24 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-04-12 03:29 . 2004-07-10 19:11 131,072 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
2008-04-12 01:09 . 2008-04-12 01:09 <DIR> d-------- C:\Program Files\Corel
2008-04-12 01:09 . 2008-04-12 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-04-12 00:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 00:59 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 23:42 . 2008-04-11 23:42 <DIR> d-------- C:\WTablet
2008-04-11 21:54 . 2008-04-18 01:23 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\WTablet
2008-04-11 21:53 . 2007-09-07 11:07 2,684,200 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-04-11 21:53 . 2007-09-07 11:04 1,380,680 --------- C:\WINDOWS\system32\PenTablet.znc
2008-04-11 21:53 . 2008-02-12 14:58 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-11 21:53 . 2008-02-12 14:58 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-11 21:53 . 2008-02-12 03:12 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-11 21:53 . 2008-02-12 03:12 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-11 21:53 . 2007-02-15 17:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-04-11 21:52 . 2008-04-11 21:52 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-04-11 21:52 . 2007-09-07 11:16 1,373,480 --------- C:\WINDOWS\system32\Pen_Tablet.exe
2008-04-11 21:52 . 2007-09-07 10:55 181,544 --------- C:\WINDOWS\system32\Wintab32.dll
2008-04-11 21:52 . 2007-09-07 11:09 128,296 --------- C:\WINDOWS\system32\Pen_Tablet.dll
2008-04-11 21:52 . 2007-02-16 11:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-04-11 21:52 . 2007-02-16 12:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-04-11 21:51 . 2008-04-11 21:53 <DIR> d-------- C:\Program Files\Tablet
2008-04-11 16:28 . 2008-04-11 16:56 <DIR> d-------- C:\FLEXLM
2008-04-11 16:21 . 2005-07-28 08:18 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-11 16:21 . 2008-04-18 01:23 0 --a------ C:\WINDOWS\TempFile
2008-04-11 16:18 . 2001-06-21 21:39 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-04-11 16:18 . 2001-06-21 21:39 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
2008-04-11 16:18 . 2001-06-21 21:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-04-11 16:18 . 2001-06-21 21:39 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
2008-04-11 16:17 . 2008-04-11 16:18 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2008-04-11 16:17 . 2001-06-21 21:39 9,949 --------- C:\WINDOWS\system32\SENTINEL.HLP
2008-04-11 16:16 . 2008-04-11 16:16 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-04-11 16:16 . 2008-04-11 16:16 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-04-11 16:16 . 2004-08-04 12:00 2,577 --a------ C:\WINDOWS\system32\config.hsp
2008-04-11 16:16 . 2008-04-11 16:16 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-04-11 15:45 . 2008-04-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-04-11 14:28 . 2008-04-11 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-11 14:26 . 2008-04-11 14:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-10 11:24 . 2008-04-10 11:24 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\Yahoo!
2008-04-10 11:24 . 2008-04-10 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-10 00:56 . 2008-04-10 00:56 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-10 00:55 . 2008-04-10 00:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-10 00:02 . 2008-04-10 00:02 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\DivX
2008-04-09 23:33 . 2008-04-09 23:34 <DIR> d-------- C:\Program Files\DivX
2008-04-09 19:51 . 2008-04-09 19:51 <DIR> d-------- C:\Program Files\uTorrent
2008-04-09 19:50 . 2008-04-12 01:05 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\uTorrent
2008-04-09 19:27 . 2008-04-09 19:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-09 19:27 . 2008-04-09 19:27 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-09 19:27 . 2008-04-09 19:27 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-09 19:26 . 2008-04-09 19:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 19:13 . 2008-04-09 19:13 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\vlc
2008-04-09 18:29 . 2008-04-09 18:29 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-09 17:14 . 2008-04-16 01:20 <DIR> d-------- C:\Program Files\Games
2008-04-09 13:57 . 2008-04-18 00:05 <DIR> d-------- C:\Documents and Settings\Jesus Roman\Application Data\Uniblue
2008-04-09 12:49 . 2008-04-09 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-09 12:45 . 2008-04-09 12:54 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-09 12:45 . 2008-04-11 15:45 <DIR> d-------- C:\Program Files\Autodesk
2008-04-09 12:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-09 02:43 . 2008-04-09 02:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 02:23 . 2008-04-09 02:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 02:23 . 2008-04-09 02:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 01:39 . 2008-04-09 01:39 <DIR> d-------- C:\Program Files\Gravity
2008-04-09 01:22 . 2008-04-09 01:22 <DIR> d-------- C:\Program Files\Webroot
2008-04-09 01:22 . 2008-04-09 01:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-09 01:22 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-09 01:22 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-09 01:22 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-09 01:22 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-09 01:22 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-09 01:21 . 2008-04-09 01:21 164 --a------ C:\install.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 00:40 10 ----a-w C:\Program Files\.autoreg
2008-04-09 06:11 155,995 ----a-w C:\WINDOWS\java\Packages\62DNTB7H.ZIP
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-12 23:12 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
2008-02-12 23:04 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-02-12 21:59 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-02-12 21:58 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-02-12 21:57 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-02-12 21:55 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-02-12 21:55 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-02-12 21:55 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-02-12 21:55 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-02-12 18:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-02-12 11:05 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-12 11:04 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-12 10:18 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-02-12 10:10 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-02-12 10:05 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-02-12 10:05 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-02-12 09:48 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-02-12 09:47 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-02-12 09:47 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-02-12 09:47 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-02-12 09:45 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-02-12 09:26 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-02-12 09:26 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-02-12 09:26 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-02-12 08:49 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-02-12 08:38 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-02-12 08:32 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-02-12 08:29 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-02-12 08:28 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-02-12 08:10 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-02-12 08:06 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-02-12 08:04 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-02-12 08:04 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-02-12 08:03 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-02-12 07:59 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-02-12 07:06 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A56C8CE5-09EA-4470-9F18-A3FDA7E0472F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 14:59 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 08:58 1885464]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 14:10 1398024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10 339968]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=

R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 11:16]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4daed10c-08e9-11dd-82e8-00195b689685}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 03:34:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 08:27:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 07:46:21 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-18 07:46:20 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 01:25:28
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-18 1:29:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 08:29:18

Pre-Run: 136,720,322,560 bytes free
Post-Run: 137,319,231,488 bytes free
.
2008-04-17 21:22:37 --- E O F ---



I'm new here so if I need to do something else please tell me. Thanks in advance.

BC AdBot (Login to Remove)

 


m

#2 Rex2

Rex2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 AM

Posted 18 April 2008 - 07:35 PM

Update

I found a file in a folder that didn't recognize. haven't seen a pop up since doing so. Also reinstalled the games that had problems and are now working properly except for one (Ragnarök Online). While playing the game with the Task Manager open I noticed that it uses 95-100% of my CPU when open. It didn't used to do this before. While checking the process priority I noticed that it is set to Low and any time it is changed to Normal it is reseted to Low after a few seconds.

I'll continue trying to fix this problem, thanks for any help in advance.

#3 Rex2

Rex2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 AM

Posted 23 April 2008 - 10:19 PM

Update

All problems with viruses and pop ups are now fixed. Problems with Ragnarök are still unresolved however.

Thanks.

#4 annabackwards

annabackwards

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:03:53 AM

Posted 02 May 2008 - 06:03 AM

Hello Rex2

I apologize for the delay in response as we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#5 Rex2

Rex2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 AM

Posted 03 May 2008 - 03:37 AM

Sorry, I forgot to update.

All problems have been fixed, thanks anna.

#6 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:11:53 AM

Posted 03 May 2008 - 10:15 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users