ROJ_GEN.R47C5IK, Threat, MSPASS.EXE, HKTL_PASSREMINDE,


1 reply to this topic

#1 rwtes

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 26 January 2011 - 05:54 AM

Want to know what should be running on XP. I use this OS (XP) for gaming, have some good ones going
and don't want to reinstall all my games. I use Win 7 64 and I like it, but not for gaming. I run with
TPM + BitLocker, but XP's an old friend; I guess it's kind of hard to give up. Maybe with your help I
won't have to!! Oh yeah, a few blue screens, but I think 'cause running games at 3GB (I fixed the ini).
Thanks for the help.

Rob T.




DDS (Ver_10-12-12.02) - NTFSx86
Run by R at 23:48:21.46 on Tue 01/25/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2885 [GMT -8:00]

AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *Disabled*
FW: AVG Firewall *Disabled*
FW: Trend Micro Firewall Booster *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prio\prio_svc.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\R\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-ushdl
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Start WingMan Profiler] "c:\program files\logitech\gaming software\LWEMon.exe" /noui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\idmmbc.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287807669468
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-19 14776]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [2010-5-5 51408]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-1-15 196320]
R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2010-7-28 5120]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-1-15 64080]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-1-19 341072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-15 1691480]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-10-18 17488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2011-01-26 07:18:19 388096 ----a-r- c:\docume~1\r\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-24 20:42:13 -------- d-----w- c:\program files\ATI Technologies
2011-01-24 20:33:10 -------- d-----w- c:\program files\ViewSonic
2011-01-24 08:48:14 -------- d-----w- C:\Overflow
2011-01-20 05:44:27 -------- d-----w- c:\program files\Video Strip Poker DEMO
2011-01-19 22:24:29 -------- d-----w- c:\program files\Winamp Detect
2011-01-19 22:02:20 -------- d-----w- c:\program files\Shabestar.net
2011-01-19 17:10:36 -------- d-----w- c:\docume~1\r\locals~1\applic~1\WMTools Downloaded Files
2011-01-19 13:31:01 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-01-19 13:31:01 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-01-19 12:50:17 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2011-01-18 22:55:10 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-18 20:46:02 40960 ----a-r- c:\docume~1\r\applic~1\microsoft\installer\{3880fbf3-6227-41aa-b53f-a8ea05216cc1}\NewShortcut1_3880FBF3622741AAB53FA8EA05216CC1_1.exe
2011-01-18 20:44:15 40960 ----a-r- c:\docume~1\r\applic~1\microsoft\installer\{a99c800b-c5f3-48b9-ae2f-a9be1c553111}\NewShortcut1_A99C800BC5F348B9AE2FA9BE1C553111_2.exe
2011-01-18 19:06:28 -------- d-----w- c:\program files\thriXXX
2011-01-15 11:26:18 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-01-15 11:26:13 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-01-15 11:26:13 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-01-15 11:26:13 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-15 11:24:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-01-15 11:24:26 -------- d-----w- c:\program files\Trend Micro
2011-01-15 11:20:13 -------- d-----w- c:\windows\Internet Logs
2011-01-14 23:23:25 -------- d-----w- c:\program files\CheckPoint
2011-01-13 22:36:01 -------- d-----w- c:\windows\system32\Adobe
2011-01-13 17:59:56 -------- d-----w- c:\program files\Internet Download Manager
2011-01-13 04:24:51 -------- d-----w- c:\program files\Save Flash
2011-01-10 20:26:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterAction studios
2011-01-10 20:25:55 -------- d-----w- c:\program files\Chicken Invaders 4 - Ultimate Omelette
2011-01-10 03:32:07 -------- d-----w- c:\windows\Downloaded Installations
2011-01-09 21:31:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2011-01-09 21:28:41 -------- d-----w- c:\program files\Nero
2011-01-09 18:04:52 -------- dc-h--w- c:\windows\ie8
2011-01-04 22:28:04 -------- d-----w- c:\docume~1\r\locals~1\applic~1\Webroot
2011-01-04 22:27:55 -------- d-----w- c:\docume~1\r\applic~1\webroot
2011-01-04 22:13:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-01-04 22:13:33 -------- d-----w- c:\docume~1\r\locals~1\applic~1\PackageAware
2010-12-30 20:22:31 720896 ----a-w- c:\windows\iun6002.exe
2010-12-30 20:22:30 -------- d-----w- c:\program files\TuneXP
2010-12-29 16:45:01 593920 ----a-w- c:\docume~1\alluse~1\applic~1\Video Strip Poker Suprememonica[2].exe
2010-12-28 15:20:20 -------- d-----w- C:\Python26

==================== Find3M ====================

2011-01-14 07:05:10 17488 ----a-w- c:\windows\etdrv.sys
2011-01-14 07:01:03 17488 ----a-w- c:\windows\gdrv.sys
2010-12-29 16:03:38 2286080 ----a-w- c:\windows\system32\TUKernel.exe
2010-12-06 17:38:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-06 17:38:41 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-06 17:38:41 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 04:34:42 19722344 ----a-w- c:\windows\RTHDCPL.EXE
2010-11-11 21:27:00 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-04 02:15:50 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-04 02:15:50 359016 ----a-w- c:\windows\vncutil.exe
2010-11-04 02:15:50 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-04 02:15:38 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-04 02:15:26 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-04 02:15:26 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-04 02:14:40 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-11-04 02:14:04 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-04 02:13:54 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-04 02:13:54 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-04 02:13:42 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 18:46:10 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 23:48:52.79 ===============

#2 rigacci

    Fiorentino

  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:46 AM

Posted 31 January 2011 - 08:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR
