
Please take a look at my HijackThis log and see if anything is wrong


  • This topic is locked
9 replies to this topic

#1 p diddly

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 19 January 2009 - 03:15 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:29 AM, on 1/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\USERS\PAUL\DESKTOP\PROCEXP.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AT&T Internet Security Suite] C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
O4 - HKLM\..\RunOnce: [ATTToolbar uninstall] C:\Program Files\ATTToolbar\uninstall.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Users\Paul\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdasa0c2.exe" /minimize
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /S
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10007 bytes

DDS log file


DDS (Ver_09-01-18.01) - NTFSx86
Run by Paul at 2:29:12.89 on Mon 01/19/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1791.936 [GMT -5:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning enabled* (Updated)
FW: AT&T Internet Security Suite AT&T Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\USERS\PAUL\DESKTOP\PROCEXP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net/
uSearch Bar = hxxp://search.myidentitydefender.com/smallsearch.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [CyberDefender Early Detection Center] "c:\users\paul\appdata\local\cyberdefender internet security\antispyware\cdasa0c2.exe" /minimize
uRun: [RegistryMechanic] c:\program files\registry mechanic\rmtray.exe /S
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AT&T Internet Security Suite] c:\program files\at&t\at&t internet security suite\RPS.exe
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRunOnce: [ATTToolbar uninstall] c:\program files\atttoolbar\uninstall.exe
mRunOnce: [iolo WebUpdate Reboot]
mRunOnce: [iolo SR Reboot]
mRunOnce: [iolo DriveScrubber Reboot]
mRunOnce: [iolo AV Reboot]
mRunOnce: [iolo FW Reboot]
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
AppInit_DLLs: acaptuser32.dll

============= SERVICES / DRIVERS ===============

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-1-13 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-1-13 3768]
R4 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-1-12 67424]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-12 596336]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-12 596336]
R4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2008-9-16 7548]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-16 356920]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-1-13 200704]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-19 02:07 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 11:47 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-01-17 13:29 <DIR> --d----- c:\programdata\Napster
2009-01-17 13:29 <DIR> --d----- c:\progra~2\Napster
2009-01-16 16:10 <DIR> -cd----- C:\hegames
2009-01-16 16:10 418 a------- c:\windows\hegames.ini
2009-01-16 16:10 306,688 a------- c:\windows\IsUninst.exe
2009-01-16 09:45 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-16 09:45 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-16 09:45 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-16 09:45 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-16 09:44 <DIR> --d----- c:\users\paul\appdata\roaming\PC Tools
2009-01-16 09:44 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-15 04:11 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-14 15:49 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-14 14:20 <DIR> --d----- c:\program files\Microsoft Plus!
2009-01-13 15:16 <DIR> -cd----- C:\Converted
2009-01-13 14:52 200,704 a------- c:\windows\system32\snmvtsvc.exe
2009-01-13 14:52 23,096 a------- c:\windows\system32\SndTAudio.sys
2009-01-13 14:52 23,096 a------- c:\windows\system32\drivers\SndTAudio.sys
2009-01-13 14:52 19,099 a------- c:\windows\system32\SndTAudio.inf
2009-01-13 14:52 10,936 a------- c:\windows\system32\SndTVideo.dll
2009-01-13 14:52 3,768 a------- c:\windows\system32\SndTVideo.sys
2009-01-13 14:52 3,768 a------- c:\windows\system32\drivers\SndTVideo.sys
2009-01-13 14:52 2,577 a------- c:\windows\system32\SndTVideo.inf
2009-01-13 14:52 2,539 a------- c:\windows\system32\SndTVideo.cat
2009-01-13 14:52 2,100 a------- c:\windows\system32\SndTAudio.cat
2009-01-13 14:52 <DIR> --d----- c:\program files\SoundTaxi
2009-01-13 11:14 70 a------- c:\windows\st_affiliate.ini
2009-01-12 23:36 <DIR> --d----- c:\users\paul\appdata\roaming\ErrorFix
2009-01-12 22:16 <DIR> --d----- c:\program files\iolo
2009-01-12 22:05 <DIR> --d----- c:\programdata\iolo
2009-01-12 22:05 <DIR> --d----- c:\progra~2\iolo
2009-01-12 16:52 <DIR> --d----- c:\users\paul\appdata\roaming\RTPlayer
2009-01-12 15:23 506,368 a------- c:\windows\system32\msxml.dll
2009-01-12 13:58 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-12 13:58 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-12 13:54 <DIR> --d----- c:\program files\iPod
2009-01-12 13:53 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-12 13:53 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-12 13:53 <DIR> --d----- c:\program files\iTunes
2009-01-12 13:32 <DIR> --d----- c:\programdata\Apple Computer
2009-01-12 11:56 <DIR> --d----- c:\programdata\Apple
2009-01-12 03:20 60 a------- c:\windows\av_affiliate.ini
2009-01-12 03:20 60 a------- c:\windows\as_affiliate.ini
2009-01-12 03:19 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-01-12 03:19 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-01-12 03:13 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-01-12 02:28 <DIR> --d----- c:\users\paul\appdata\roaming\EMCO
2009-01-11 16:55 27,936 a------- c:\windows\system32\drivers\tbhsd.sys
2009-01-11 16:50 <DIR> --d----- c:\programdata\RapidSolution
2009-01-11 16:50 <DIR> --d----- c:\program files\RapidSolution
2009-01-11 16:50 <DIR> --d----- c:\progra~2\RapidSolution
2009-01-09 02:02 <DIR> --d----- c:\users\paul\appdata\roaming\Kasper-Key_Sharing_Networ
2009-01-09 01:56 <DIR> --d----- c:\users\paul\appdata\roaming\Kaspersky_Key_Finder_(KKF
2009-01-06 23:19 <DIR> --d----- c:\program files\Netropa
2009-01-06 22:12 <DIR> --d----- c:\program files\RAM Def XT
2008-12-29 22:57 <DIR> --d----- c:\program files\VideoLAN
2008-12-27 16:12 98,304 a------- c:\windows\system32\L3CODECX.AX
2008-12-27 16:12 82,944 a------- c:\windows\system32\vct3216.acm
2008-12-27 16:12 81,920 a------- c:\windows\system32\AC3ACM.acm
2008-12-27 16:12 38,912 a------- c:\windows\system32\alf2cd.acm
2008-12-27 16:12 13,239 a------- c:\windows\system32\Scg726.acm
2008-12-27 16:12 524,288 a------- c:\windows\system32\xvidcore.dll
2008-12-27 16:12 413,760 a------- c:\windows\system32\mpg4c32.dll
2008-12-27 16:12 261,632 a------- c:\windows\system32\mcdvd_32.dll
2008-12-27 16:12 139,264 a------- c:\windows\system32\xvidvfw.dll
2008-12-27 16:12 53,248 a------- c:\windows\system32\xvid.ax
2008-12-27 16:12 156,910 a------- c:\windows\WMSysPr8.prx
2008-12-26 17:40 <DIR> --d----- c:\users\paul\appdata\roaming\AVS4YOU
2008-12-26 17:00 974,848 a------- c:\windows\system32\mfc70.dll
2008-12-26 17:00 487,424 a------- c:\windows\system32\msvcp70.dll
2008-12-26 17:00 344,064 a------- c:\windows\system32\msvcr70.dll
2008-12-26 17:00 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2008-12-26 15:30 24,576 a------- c:\windows\system32\msxml3a.dll
2008-12-26 15:30 <DIR> --d----- c:\program files\common files\AVSMedia

==================== Find3M ====================

2009-01-18 17:41 200 a------- c:\program files\INSTALL.LOG
2009-01-13 15:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 15:00 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 15:00 86,016 a------- c:\windows\inf\infstor.dat
2009-01-11 10:13 310 a------- c:\users\paul\appdata\roaming\wklnhst.dat
2009-01-04 18:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 18:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-31 22:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 22:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 22:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 22:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 22:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 22:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 20:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 01:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-21 22:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-21 20:22 2,048 a------- c:\windows\system32\tzres.dll
2008-07-28 03:14 15,360 a--sh--- c:\users\paul\SetupDL.exe
2008-07-27 23:39 174 a--sh--- c:\program files\desktop.ini
2008-07-27 23:28 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:31:47.21 ===============

Thanks in advance.


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:01:14 AM

Posted 30 January 2009 - 08:01 AM

Hello p diddly

Welcome to BleepingComputer.
========================
If you are still in need of assistance please post a new dds log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 p diddly
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 17 February 2009 - 01:17 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Paul at 13:07:50.86 on Tue 02/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2047.1096 [GMT -5:00]

AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated)
FW: AT&T Internet Security Suite AT&T Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\snmvtsvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = my.att.net/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CLI.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\logitech . product registration.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216878763702&h=b0c8b16bdb1218741e4104d55be26bd6/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1002000.007\SymEFA.sys [2009-1-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-1-29 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-1-29 362544]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-7-27 12800]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090212.003\IDSvix86.sys [2009-2-13 292912]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-1-29 115560]
R2 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-1-13 200704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-29 99376]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-12 38496]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-1-13 23096]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nav\1002000.007\symndisv.sys [2009-1-29 40496]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2008-9-16 7548]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-1-13 3768]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-02-16 19:10 <DIR> --d----- c:\program files\common files\Real
2009-02-16 19:06 <DIR> --d----- c:\program files\V CAST Music with Rhapsody
2009-02-13 14:50 <DIR> --d----- c:\program files\VSTplugins
2009-02-12 16:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-12 16:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 14:22 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 14:22 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-11 02:56 <DIR> --d----- c:\program files\uTorrent
2009-02-11 02:56 <DIR> --d----- c:\users\paul\appdata\roaming\uTorrent
2009-02-10 19:42 <DIR> --d----- c:\program files\CCleaner
2009-02-09 22:46 <DIR> --d----- c:\users\paul\{2257aff6-ec57-41fc-9517-7b461052680d}
2009-02-08 21:25 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-02-08 21:25 <DIR> --d----- c:\program files\Roxio
2009-02-08 21:18 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-02-08 21:18 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-02-08 20:16 <DIR> --d----- c:\program files\VistaCodecPack
2009-02-08 20:15 <DIR> --d----- c:\programdata\VistaCodecs
2009-02-08 20:15 <DIR> --d----- c:\progra~2\VistaCodecs
2009-02-08 20:13 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-02-08 14:16 <DIR> --d----- c:\program files\AnalogX
2009-02-04 23:22 <DIR> --d----- c:\windows\pss
2009-02-03 21:23 <DIR> -cdsh--- C:\$RECYCLE.BIN
2009-02-02 23:51 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-29 23:00 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-01-29 23:00 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-01-29 23:00 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-01-29 23:00 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-01-29 23:00 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-01-29 23:00 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-01-29 23:00 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-01-29 23:00 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-01-29 23:00 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-01-29 23:00 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-01-29 23:00 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-01-29 23:00 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-01-29 22:58 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2009-01-29 22:57 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-01-29 22:57 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-01-29 22:57 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-01-29 22:57 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-01-29 22:50 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-29 22:50 <DIR> --d----- c:\windows\system32\directx
2009-01-29 20:39 <DIR> --d----- c:\users\paul\appdata\roaming\DisplayTune
2009-01-29 20:36 15,920 a------- c:\windows\system32\drivers\PdiPorts.sys
2009-01-29 20:34 <DIR> --d----- c:\program files\Portrait Displays
2009-01-29 20:34 <DIR> --d----- c:\program files\common files\Portrait Displays
2009-01-29 12:53 <DIR> --d----- c:\programdata\ATI
2009-01-29 11:55 54,016 a------- c:\windows\system32\drivers\ousb2hub.sys
2009-01-29 11:55 39,040 a------- c:\windows\system32\drivers\ousbehci.sys
2009-01-29 11:55 <DIR> --d----- c:\windows\Drivers
2009-01-29 01:07 <DIR> --d----- c:\programdata\Symantec
2009-01-29 01:07 <DIR> --d----- c:\progra~2\Symantec
2009-01-29 01:06 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-01-29 01:05 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-29 01:05 <DIR> --d----- c:\program files\Symantec
2009-01-29 01:02 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-01-29 01:02 <DIR> --d----- c:\program files\Norton AntiVirus
2009-01-29 01:00 <DIR> --d----- c:\programdata\Norton
2009-01-29 01:00 <DIR> --d----- c:\progra~2\Norton
2009-01-29 00:57 <DIR> --d----- c:\programdata\NortonInstaller
2009-01-29 00:57 <DIR> --d----- c:\program files\NortonInstaller
2009-01-29 00:57 <DIR> --d----- c:\progra~2\NortonInstaller
2009-01-28 05:35 <DIR> --d----- c:\programdata\SITEguard
2009-01-28 05:35 <DIR> --d----- c:\progra~2\SITEguard
2009-01-28 05:33 <DIR> --d----- c:\program files\common files\iS3
2009-01-28 05:33 <DIR> --d----- c:\programdata\STOPzilla!
2009-01-28 05:33 <DIR> --d----- c:\progra~2\STOPzilla!
2009-01-28 00:11 <DIR> --d----- c:\programdata\Lavasoft
2009-01-26 23:17 234,536 a------- c:\windows\system32\psexec.exe
2009-01-26 21:41 <DIR> --d----- c:\program files\Data Doctor Recovery NTFS (Demo)
2009-01-26 20:41 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-26 19:59 <DIR> --d----- c:\program files\EMCO
2009-01-26 02:51 <DIR> --d----- c:\program files\Lexmark 7300 Series
2009-01-26 02:51 323,584 a------- c:\windows\system32\lxcihcp.dll
2009-01-26 02:51 274,432 a------- c:\windows\system32\lxciinst.dll
2009-01-26 01:47 <DIR> --d----- c:\program files\Audacity
2009-01-24 11:01 1,007,616 a------- c:\windows\system32\VSFilter.dll
2009-01-24 03:12 33,628,160 a------- c:\windows\system32\GWP
2009-01-24 02:37 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-01-23 21:57 <DIR> --d----- c:\program files\common files\eSellerate
2009-01-23 20:07 <DIR> --d----- c:\program files\Argente Software
2009-01-22 15:10 <DIR> --d----- c:\program files\Wise Registry Cleaner 3
2009-01-22 03:33 <DIR> --d----- c:\users\paul\appdata\roaming\Kasper-Key_Sharing_Networ
2009-01-22 01:33 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-01-22 01:33 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-01-21 21:58 <DIR> --d----- c:\users\paul\appdata\roaming\iolo
2009-01-21 19:32 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-01-21 19:32 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-01-21 04:59 <DIR> --d----- c:\programdata\Ahead
2009-01-20 19:55 <DIR> --d----- c:\programdata\LightScribe
2009-01-20 19:55 <DIR> --d----- c:\progra~2\LightScribe
2009-01-20 14:13 <DIR> --d----- c:\programdata\Nero
2009-01-20 14:13 <DIR> --d----- c:\progra~2\Nero
2009-01-19 18:03 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2009-01-19 02:07 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-02-12 16:22 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-12 16:22 86,016 a------- c:\windows\inf\infstor.dat
2009-02-12 16:22 51,200 a------- c:\windows\inf\infpub.dat
2009-02-08 20:28 319,456 a------- c:\windows\DIFxAPI.dll
2009-01-29 01:05 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-29 01:05 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-14 02:15 4,235,776 a------- c:\windows\system32\drivers\atikmdag.sys
2009-01-14 00:03 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 00:02 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-01-14 00:01 348,160 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 00:01 274,432 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 00:01 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 00:01 286,720 a------- c:\windows\system32\Ati2evxx.dll
2009-01-13 23:59 729,088 a------- c:\windows\system32\Ati2evxx.exe
2009-01-13 23:50 2,345,472 a------- c:\windows\system32\atidxx32.dll
2009-01-13 23:44 3,963,392 a------- c:\windows\system32\atiumdag.dll
2009-01-13 23:22 4,765,696 a------- c:\windows\system32\atiumdva.dll
2009-01-13 23:08 50,688 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 23:07 122,880 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 22:59 11,247,616 a------- c:\windows\system32\atioglxx.dll
2009-01-13 22:50 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 21:54 57,344 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 21:53 53,248 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 21:51 3,239,936 a------- c:\windows\system32\amdcaldd.dll
2009-01-11 10:13 310 a------- c:\users\paul\appdata\roaming\wklnhst.dat
2009-01-06 11:29 109,088 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-01-06 11:29 322,080 a------- c:\windows\system32\RtkApoApi.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-07 13:08 795,648 a------- c:\windows\system32\xvidcore.dll
2008-12-07 13:08 130,048 a------- c:\windows\system32\xvidvfw.dll
2008-07-28 03:14 15,360 a--sh--- c:\users\paul\SetupDL.exe
2008-07-27 23:39 174 a--sh--- c:\program files\desktop.ini
2008-07-27 23:28 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:11:05.74 ===============

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida

Posted 17 February 2009 - 07:13 PM

Are you getting any alerts or anything?
What is happening with the computer?
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 p diddly

  • Topic Starter
  • Members
  • 13 posts

Posted 18 February 2009 - 01:07 AM

It is extremely slow, and when I try to burn or play video files the CPU goes to 100 percent and then stays there. I had viruses that Norton seems to have removed; I ran Malwarebytes, it found one and removed it. I don't know what else to do, please help me. Could it possibly be my CPU or memory?

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida

Posted 18 February 2009 - 07:29 AM

It could be your computer, period.
How much RAM do you have in the system?

#7 p diddly

  • Topic Starter
  • Members
  • 13 posts

Posted 19 February 2009 - 04:25 AM

I have over 2 GB of RAM. Also, the reason I think it may be my processor is that my CPU fan seems to be louder than I remember it being before. It used to only run loud whenever the system was doing a large task.

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida

Posted 19 February 2009 - 08:40 AM

I see no signs of malware in your logs. Please do the following, then post in this forum for the issues that you have: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
============
Delete/uninstall anything else that we have used.


System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbup2:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber-powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a spyware "shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.
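
The reply above does its triage by eye: the autorun lines of the DDS log are checked for registrations whose target is "No File" and for the Java build they point at, and the Java paths (jre1.6.0_07, jinstall-1_6_0_07) are read off against the update level the reply names, 6 Update 12. The script below is an added example, not part of this thread and not code from the DDS tool, that performs that same first pass over a log excerpt in Python. The sample log is a constructed excerpt built from lines quoted from the log posted above; the reference Java level is passed in as a parameter (default 6 Update 12, as stated in the reply) rather than looked up anywhere.

```python
"""First-pass triage of the autorun section of a DDS/HijackThis-style log.

Added example for this thread, not part of the original post or of the DDS tool.
It parses the 'BHO:', 'TB:', 'uRun:/mRun:/dRun:', 'IE:' and 'DPF:' lines, flags
entries whose target is 'No File' (stale CLSID registrations), and extracts the
Java runtime versions encoded in install paths and download URLs so they can be
compared with a reference update level.
"""
import re

# Constructed excerpt in the log's format; the lines are copied from the log
# posted earlier in this thread, so the CLSIDs and paths are real entries, not invented ones.
SAMPLE_LOG = r"""
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [RtHDVCpl] RtHDVCpl.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
"""

ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun|dRun|DPF|IE):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# 'jre1.6.0_07' (install directory) and 'jinstall-1_6_0_07' (download cab) both encode 1.6.0 update 7
JAVA_RE = re.compile(r"(?:jre|jinstall-)1[._](\d+)[._](\d+)_(\d+)", re.I)


def parse_entries(log_text):
    """Return one dict per autorun line with keys kind, name, clsid, target."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("uRun", "mRun", "dRun"):
            r = RUN_RE.match(rest)
            if r is None:
                continue
            entries.append({"kind": kind, "name": r.group("name"), "clsid": None,
                            "target": r.group("target").strip()})
        else:
            # 'Name: {CLSID} - target' or '{CLSID} - target'; the target is the last ' - ' field
            parts = rest.split(" - ")
            target = parts[-1].strip()
            head = " - ".join(parts[:-1]) if len(parts) > 1 else ""
            c = CLSID_RE.search(head)
            name = head[:c.start()].rstrip(": ") if c else head.strip()
            entries.append({"kind": kind, "name": name or None,
                            "clsid": c.group(0).lower() if c else None,
                            "target": target})
    return entries


def missing_file_entries(entries):
    """Registrations whose target is gone ('No File'). Usually uninstall leftovers,
    but worth listing: an orphaned CLSID can be re-pointed at a new DLL later."""
    return [e for e in entries if e["target"].lower() == "no file"]


def java_versions(entries):
    """Distinct (major, minor, update) Java versions referenced by any entry target."""
    found = set()
    for e in entries:
        for m in JAVA_RE.finditer(e["target"]):
            found.add(tuple(int(g) for g in m.groups()))
    return sorted(found)


def outdated_java(entries, current=(6, 0, 12)):
    """Java versions older than `current` (default 6 Update 12, the level named in the reply)."""
    return [v for v in java_versions(entries) if v < current]


def triage(log_text, current_java=(6, 0, 12)):
    """Summary a helper would want first: entry count, orphaned CLSIDs, Java levels seen/outdated."""
    entries = parse_entries(log_text)
    return {
        "entries": len(entries),
        "no_file": [(e["kind"], e["clsid"]) for e in missing_file_entries(entries)],
        "java": java_versions(entries),
        "java_outdated": outdated_java(entries, current_java),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it on the excerpt reports the two orphaned toolbar CLSIDs and a single Java level, 1.6.0 update 7, which is behind the 6 Update 12 reference; the 8.3 short path `jre16~1.0_0` on the IE entry in the full log carries no update number and is deliberately not matched, so the version list is only as good as the long-form paths and URLs the log happens to contain.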

#9 p diddly

  • Topic Starter
  • Members
  • 13 posts

Posted 19 February 2009 - 11:53 AM

I would like to thank you enormously; you guys are the greatest thing to happen to a computer. :thumbup2:

#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida

Posted 19 February 2009 - 01:43 PM

You are welcome :thumbup2:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
