smitfraud.? codec virus?

Discussion in 'Windows - Virus and spyware problems' started by lops444, Jun 30, 2009.

  1. lops444

    Hello all. I was looking over the forums and appreciate the help the techs here provide for people in need.

    That said -
    I've spent years off and on with computers. I recently rebuilt a decent system. It was running AWESOME!! Fast downloads, plenty of H.D. space and RAM. I could run multiple programs with absolute ease. From the time I hit the power button till I was @ the Windows login was maybe 15 seconds,
    and from the time I logged on till it was done with all processes was maybe 6 seconds.

    But one day, and I really am under the assumption this is the day it all happened, I was on the bangbros porn site. Stupid me. It said I needed to download a video codec, so I did.

    I've downloaded codecs before and never had issues...
    But the next day, and the days to follow since, this computer runs like crap. When I log in, the logon noise Windows makes will stutter. When I open Windows Media Player, sometimes the songs will skip, or if I open a program, same thing. This computer is running waaaaay slow now. I check the Task Manager, and something eats up the CPU bad!!! However, the system RAM isn't really being used... it's the CPU being bogged down.
    I've run numerous virus scans - Lavasoft Ad-Aware and Avast - and haven't detected any viruses.
    I tried to do a Trend Micro HouseCall but it won't work...
    So I downloaded ComboFix, which I saw on one of these forums, and did a scan.
    Here's the log:



    ComboFix 09-06-29.02 - Byros 06/30/2009 10:57.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.790 [GMT -7:00]
    Running from: d:\documents and settings\Byros\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
    .

    2009-06-30 00:17 . 2009-06-30 00:17 -------- d-----w- d:\documents and settings\Byros\Application Data\Malwarebytes
    2009-06-30 00:17 . 2009-06-17 18:27 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-30 00:17 . 2009-06-30 00:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-30 00:17 . 2009-06-17 18:27 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
    2009-06-30 00:17 . 2009-06-30 00:17 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2009-06-29 18:57 . 2009-06-29 18:57 314712 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-06-29 18:56 . 2009-06-29 18:56 25440 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-06-29 18:56 . 2009-06-29 18:56 169312 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-06-29 18:56 . 2009-06-29 18:56 348496 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-06-29 18:55 . 2009-06-29 18:55 298336 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-06-29 18:54 . 2009-06-29 18:54 84832 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-06-29 18:50 . 2009-06-29 18:50 1630560 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-06-29 18:48 . 2009-06-29 18:48 246128 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-06-29 18:47 . 2009-06-29 18:47 40288 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-06-29 18:47 . 2009-06-29 18:47 85352 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
    2009-06-29 18:47 . 2009-06-29 18:47 664424 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-06-29 18:46 . 2009-06-29 18:46 563064 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-06-29 18:45 . 2009-06-29 18:45 0 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-06-29 18:43 . 2009-06-29 18:43 629072 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-06-29 18:42 . 2009-06-29 18:42 520024 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-06-29 18:41 . 2009-06-29 18:41 1029456 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-06-25 05:18 . 1998-07-15 19:39 2897 ----a-w- d:\windows\system32\LV.EXE
    2009-06-25 05:18 . 1996-08-24 18:11 197648 ----a-w- d:\windows\system32\UNIDRV.DLL
    2009-06-25 05:18 . 1995-07-14 09:43 26768 ----a-w- d:\windows\system32\CTL3D.DLL
    2009-06-25 05:08 . 2009-06-25 05:08 -------- d-----w- d:\program files\Zebra Technologies
    2009-06-25 05:01 . 1997-01-18 17:40 299520 ----a-w- d:\windows\uninst.exe
    2009-06-25 05:00 . 2009-06-25 05:00 -------- d-----w- d:\documents and settings\Byros\WINDOWS
    2009-06-11 20:49 . 2009-06-25 04:56 -------- d-----w- d:\windows\A6W_DATA
    2009-06-01 18:55 . 2009-06-01 18:55 15688 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-06-01 18:45 . 2009-06-01 18:45 559464 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-30 00:50 . 2009-02-18 22:25 -------- d--h--w- d:\program files\InstallShield Installation Information
    2009-06-30 00:50 . 2009-05-08 02:26 -------- d-----w- d:\program files\Ascentive
    2009-06-02 05:10 . 2009-02-20 19:27 -------- d-----w- d:\program files\dl_Cats
    2009-05-11 18:36 . 2009-02-23 21:35 15688 ----a-w- d:\windows\system32\lsdelete.exe
    2009-05-11 18:36 . 2009-05-11 18:36 64160 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-11 18:36 . 2009-02-23 19:35 64160 ----a-w- d:\windows\system32\drivers\Lbd.sys
    2009-05-08 19:30 . 2009-05-08 19:30 -------- d-----w- d:\program files\MSXML 4.0
    2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- d:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2003-03-31 12:00 827392 ----a-w- d:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- d:\windows\system32\ieencode.dll
    2009-04-26 04:00 . 2009-02-19 07:22 1915520 ----a-w- d:\documents and settings\Byros\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- d:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- d:\windows\system32\rpcrt4.dll
    2009-04-02 22:55 . 2009-05-08 02:26 217088 ----a-w- d:\windows\system32\ConTest.dll
    2003-01-13 18:20 . 2003-01-13 18:20 278528 ----a-w- d:\program files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 23:00 . 1999-04-30 23:00 98304 ----a-w- d:\program files\internet explorer\plugins\UPjpeg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
    "ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
    "Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-11 516440]
    "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-03-17 413696]
    "SoundMan"="SOUNDMAN.EXE" - d:\windows\SOUNDMAN.EXE [2005-09-21 86016]
    "AlcWzrd"="ALCWZRD.EXE" - d:\windows\ALCWZRD.EXE [2005-09-21 2807808]

    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-18 113664]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^iMicro Wireless Utility.lnk]
    path=d:\documents and settings\All Users\Start Menu\Programs\Startup\iMicro Wireless Utility.lnk
    backup=d:\windows\pss\iMicro Wireless Utility.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=d:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=d:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Games\\Westwood\\RA2\\patchget.dat"=
    "c:\\Games\\Westwood\\RA2\\game.exe"=
    "d:\\WINDOWS\\system32\\dlcxcoms.exe"=
    "c:\\Games\\Raven\\SOF\\SoF.exe"=
    "d:\\Program Files\\Messenger\\msmsgs.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "d:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2/23/2009 12:35 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 953168]
    S2 dlcx_device;dlcx_device;d:\windows\system32\dlcxcoms.exe -service --> d:\windows\system32\dlcxcoms.exe -service [?]
    S2 EAPPkt;Realtek EAPPkt Protocol;d:\windows\system32\drivers\EAPPkt.sys [3/9/2009 9:13 PM 38144]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);d:\windows\system32\drivers\A3AB.sys [2/18/2009 3:32 PM 547744]
    S3 tbcspud;Santa Cruz Driver;d:\windows\system32\drivers\tbcspud.sys [6/23/2003 1:15 PM 149632]
    S3 tbcwdm;Santa Cruz WDM Driver;d:\windows\system32\drivers\tbcwdm.sys [6/23/2003 1:15 PM 554304]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-29 d:\windows\Tasks\Ad-Aware Update (Weekly).job
    - d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:35]

    2009-03-17 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2009-06-30 d:\windows\Tasks\WGASetup.job
    - d:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-30 11:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(240)
    d:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-06-30 11:05
    ComboFix-quarantined-files.txt 2009-06-30 18:05

    Pre-Run: 8,508,850,176 bytes free
    Post-Run: 8,478,846,976 bytes free

    134 --- E O F --- 2009-06-12 00:27



    I have heard of something odd, however... and I've seen it twice. Sometimes people think they have a virus because the CPU slows so much... they aren't able to play DVDs and the like, and it is because of dust on the CPU. Yeah, I'm not joking, I've seen that twice... but I don't see dust loaded in my system...
     
  2. d4rkn1ght

    Hi lops444

    First of all, I noticed that you have no antivirus?

    1.
    Please download Avira AntiVir Personal and install it. Follow the prompts and reboot if required.

    Launch Avira AntiVir Personal either by running C:\Program Files\Avira\AntiVir Desktop\avcenter.exe or by right-clicking on the Antivir icon in your task bar (it looks like a white umbrella with a red background) and click on Start AntiVir.

    Configuring AntiVir

    • Click on Configuration.
    • Make sure Expert mode is checked
    • Expand +Scanner > +Scan.
    • Click on Action for concerning files.
    • Check Automatic, and set Primary Action: to repair, then Secondary Action to quarantine.
    • Click on Heuristic.
    • Make sure Macrovirus heuristic, Win32 file heuristic, and Medium detection level are checked.

    • Expand +General and click on Extended threat categories.
    • Check everything off the list except Application (APPL), Jokes, Games, and Unusual runtime compression
    • Click on the button OK at the bottom of the window.

    Updating AntiVir

    • At the main window, click on Start update.
    • Wait for AntiVir to be fully updated.

    Scanning Time

    • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
    • Launch AntiVir.
    • At the main window, click on Scan system now.
    • Wait for the scan to complete, and then click on Report. A Notepad window will pop up. Save this onto your computer.
    • Click on End, and reboot your computer.

    Post A Log

    • Post the contents of the report you saved.

    If you didn't save the report,
    • Launch AntiVir
    • Under Overview, click on Reports.
    • Choose the report listed at the top, and right-click on it.
    • Click on Display report.
    • Click on Report file.
    • Copy and paste the contents of the log here in your next post.


    2.
    • Please download RSIT from here.
    • Please download the HijackThis zip file and unzip HijackThis.exe into the same folder as RSIT.exe. We will need it later.
    • Run RSIT.exe and follow the prompts.
    • When the scan is finished, two notepad windows will pop up; log.txt and info.txt. They are also located at C:\rsit.
    • Post log.txt and info.txt here.


    Things I'll need in your next post:
    1. Antivir scan log
    2. RSIT logs

    Best Regards :D
     
  3. lops444

    I had Avast before. I had run it, which didn't detect any viruses, then I uninstalled it.
    Now I just installed the antivirus you mentioned and did everything as you requested. However, there was no box to check Win32 file heuristic.
    Here is the log @ the end:

    Avira AntiVir Personal
    Report file date: Wednesday, July 01, 2009 13:00

    Scanning for 1442962 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Save mode
    Username : Administrator
    Computer name : BYRON

    Version information:
    BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 17:14:47
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 19:54:02
    ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 6/24/2009 19:54:02
    ANTIVIR3.VDF : 7.1.4.165 278528 Bytes 7/1/2009 19:54:03
    Engineversion : 8.2.0.199
    AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 19:52:04
    AESCRIPT.DLL : 8.1.2.10 418171 Bytes 7/1/2009 19:54:09
    AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 19:02:01
    AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41
    AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 00:07:20
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/1/2009 19:54:08
    AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/1/2009 19:54:08
    AEHELP.DLL : 8.1.3.6 205174 Bytes 7/1/2009 19:54:04
    AEGEN.DLL : 8.1.1.46 348533 Bytes 7/1/2009 19:54:04
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
    AECORE.DLL : 8.1.6.12 180599 Bytes 5/28/2009 00:07:20
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: d:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +SPR,

    Start of the scan: Wednesday, July 01, 2009 13:00

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AAWService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    15 processes with 15 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '54' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Software and Games>
    C:\Games\GameSpy Arcade\ArcadePatch14c_14d.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '4aaec148.qua'!
    Begin scan in 'D:\' <OS>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    D:\Documents and Settings\Byros\Desktop\SmitfraudFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\Reboot.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '4ab4c458.qua'!
    Begin scan in 'E:\' <Website and Files>


    End of the scan: Wednesday, July 01, 2009 13:56
    Used time: 55:43 Minute(s)

    The scan has been done completely.

    7938 Scanned directories
    203659 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    203655 Files not concerned
    1700 Archives were scanned
    1 Warnings
    3 Notes



    I don't get it... I don't see any viruses other than the Trojan from the GameSpy patch.
    SmitfraudFix was a program I downloaded in another forum for tech help with viruses.

    Please help...
    :(
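The confusion in the post above ("3 viruses found" but only one looks like malware) comes straight out of the Avira report's structure, so here is a small triage parser for that report format. This is an added example written for this page, not a tool from the thread or from Avira. It feeds on an abridged excerpt of the report posted above, assigns each `[DETECTION]` line to the file (and archive member) it belongs to, attaches the quarantine id from the following `[NOTE]`, and groups hits by Avira's name prefix: `TR/` is a Trojan, while `SPR/` is Avira's security/privacy-risk class for dual-use tools such as the reboot helpers inside the SmitfraudFix self-extractor. It also flags the line "The driver could not be initialized.", which means the rootkit search did not actually run in that scan, so the absence of a hidden-object finding there says nothing. Python 3.8+ is assumed (the walrus operator is used).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Abridged excerpt of the Avira AntiVir report posted in this thread (real lines,
# trimmed to the hidden-object check and the file-scan section).
SAMPLE_REPORT = r"""Starting search for hidden objects.
The driver could not be initialized.

Starting the file scan:

Begin scan in 'C:\' <Software and Games>
C:\Games\GameSpy Arcade\ArcadePatch14c_14d.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4aaec148.qua'!
Begin scan in 'D:\' <OS>
D:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
D:\Documents and Settings\Byros\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4ab4c458.qua'!
Begin scan in 'E:\' <Website and Files>
"""

# Line shapes used by the Avira 9 report format (as seen in the posted log).
PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a scanned file, e.g. D:\pagefile.sys
MEMBER_RE = re.compile(r"^-->\s*(.+)$")               # member inside an archive
DETECT_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUAR_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")
WARN_RE = re.compile(r"^\[WARNING\] (.+)$")


@dataclass
class Detection:
    path: str                     # on-disk file the hit belongs to
    name: str                     # Avira detection name, e.g. TR/Dropper.Gen
    member: Optional[str] = None  # archive member, if the hit was inside an archive
    quarantine: Optional[str] = None  # .qua id once the file was moved

    @property
    def category(self) -> str:
        """Avira's class prefix: TR (Trojan), SPR (security/privacy risk), ..."""
        return self.name.split("/", 1)[0]


@dataclass
class ScanResult:
    detections: list = field(default_factory=list)
    warnings: list = field(default_factory=list)   # (path, message) for unreadable files
    rootkit_scan_failed: bool = False


def parse_report(text: str) -> ScanResult:
    """Walk the report line by line, tracking which file each message refers to."""
    result = ScanResult()
    current_path: Optional[str] = None
    current_member: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "The driver could not be initialized.":
            # The hidden-object (rootkit) search never ran; its silence proves nothing.
            result.rootkit_scan_failed = True
        elif PATH_RE.match(line):
            current_path, current_member = line, None
        elif (m := MEMBER_RE.match(line)):
            current_member = m.group(1)
        elif (m := DETECT_RE.match(line)):
            result.detections.append(Detection(current_path, m.group(1), current_member))
        elif (m := QUAR_RE.match(line)):
            # One quarantine action covers every hit inside the same container file.
            for d in result.detections:
                if d.path == current_path and d.quarantine is None:
                    d.quarantine = m.group(1)
        elif (m := WARN_RE.match(line)):
            result.warnings.append((current_path, m.group(1)))
    return result


def count_by_category(result: ScanResult) -> dict:
    """Detections per Avira class, e.g. {'TR': 1, 'SPR': 2} for the posted report."""
    counts: dict = {}
    for d in result.detections:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def quarantined_files(result: ScanResult) -> int:
    """Distinct files moved to quarantine (3 detections, but only 2 files here)."""
    return len({d.quarantine for d in result.detections if d.quarantine})


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    for d in r.detections:
        where = f"{d.path} -> {d.member}" if d.member else d.path
        print(f"{d.category:4} {d.name:24} {where}  [{d.quarantine}]")
    print("by category:", count_by_category(r), "| files quarantined:", quarantined_files(r))
    if r.rootkit_scan_failed:
        print("rootkit search did not run (driver not initialized) - rerun in normal mode")
```

Run against the posted report this yields one `TR` hit (the GameSpy patch) and two `SPR` hits that are both members of the same SmitfraudFix archive, which is why the summary counts three findings but only two quarantined files. The `rootkit_scan_failed` flag is the detail worth acting on: the ComboFix catchme pass earlier in the thread did complete, but this Avira scan's hidden-object check did not.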
     
  4. d4rkn1ght

    Hey lops444

    Could you post the RSIT logs? Thanks.

    Hmmm... could you say what video codec you installed? What was its name?

    I'm beginning to suspect that possibly this isn't a malware issue; possibly hardware??

    Best Regards :D
     
  5. lops444

    I don't remember the name of the codec... it was a few months ago. I'm hoping the RSIT I just ran picked it up. It could be a hardware issue, but I kinda doubt it... mainly because I haven't changed any hardware settings. I mean, this happened like RIGHT after I installed the codec. It was the next day. Also, I did blow the crap outta my computer a few days ago with air, so it isn't dust on the CPU, which I've seen slow systems down severely. Here's your log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Byros at 2009-07-07 09:16:43
    Microsoft Windows XP Professional Service Pack 3
    System drive D: has 7 GB (33%) free of 20 GB
    Total RAM: 1022 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:44 AM, on 7/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\WINDOWS\system32\dlcxcoms.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\ALCWZRD.EXE
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Documents and Settings\Byros\Local Settings\Temporary Internet Files\Content.IE5\6SKUP9AU\RSIT[1].exe
    D:\Program Files\trend micro\Byros.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235004121530
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: dlcx_device - - D:\WINDOWS\system32\dlcxcoms.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    --
    End of file - 5699 bytes

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    D:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]
    "AlcWzrd"=D:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]
    "StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "Ad-Watch"=D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-11 516440]
    "QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-03-17 413696]
    "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
    "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    D:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
    D:\Program Files\Ascentive\Performance Center\ApcMain.exe -m []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^iMicro Wireless Utility.lnk]
    D:\PROGRA~1\iMicro\RtWlan.exe [2008-04-15 790528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    D:\PROGRA~1\WinZip\WZQKPICK.EXE [2001-11-27 106560]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.exe.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    D:\WINDOWS\system32\Ati2evxx.dll [2009-01-13 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Games\Westwood\RA2\patchget.dat"="C:\Games\Westwood\RA2\patchget.dat:*:Enabled:patchgrabber"
    "C:\Games\Westwood\RA2\game.exe"="C:\Games\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
    "D:\WINDOWS\system32\dlcxcoms.exe"="D:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server"
    "C:\Games\Raven\SOF\SoF.exe"="C:\Games\Raven\SOF\SoF.exe:*:Enabled:SoF"
    "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "E:\Macromedia\Dreamweaver MX\Dreamweaver.exe"="E:\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
    "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "D:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="D:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "D:\Program Files\Internet Explorer\iexplore.exe"="D:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "E:\Macromedia\Fireworks MX\Fireworks.exe"="E:\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======File associations======

    .js - open - "E:\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 3 months======

    2009-07-07 09:14:39 ----D---- D:\Program Files\trend micro
    2009-07-07 09:14:38 ----D---- D:\rsit
    2009-07-06 10:24:19 ----D---- D:\Documents and Settings\Byros\Application Data\WinRAR
    2009-07-06 10:23:56 ----D---- D:\Program Files\WinRAR
    2009-07-01 12:50:47 ----D---- D:\Program Files\Avira
    2009-07-01 12:50:47 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
    2009-07-01 11:50:35 ----SHD---- D:\RECYCLER
    2009-06-30 11:05:31 ----D---- D:\WINDOWS\temp
    2009-06-30 11:05:30 ----A---- D:\ComboFix.txt
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\zip.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\SWXCACLS.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\SWSC.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\SWREG.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\sed.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\PEV.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\NIRCMD.exe
    2009-06-30 10:55:32 ----A---- D:\WINDOWS\grep.exe
    2009-06-30 10:55:28 ----D---- D:\WINDOWS\ERDNT
    2009-06-30 10:55:23 ----D---- D:\Qoobox
    2009-06-29 17:17:58 ----D---- D:\Documents and Settings\Byros\Application Data\Malwarebytes
    2009-06-29 17:17:44 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-06-29 17:17:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
    2009-06-24 22:18:19 ----A---- D:\WINDOWS\system32\UNIDRV.DLL
    2009-06-24 22:18:19 ----A---- D:\WINDOWS\system32\LV.EXE
    2009-06-24 22:18:19 ----A---- D:\WINDOWS\system32\CTL3D.DLL
    2009-06-24 22:08:27 ----D---- D:\Program Files\Zebra Technologies
    2009-06-24 22:01:21 ----A---- D:\WINDOWS\uninst.exe
    2009-06-11 17:27:47 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$
    2009-06-11 17:27:40 ----HDC---- D:\WINDOWS\$NtUninstallKB969898$
    2009-06-11 17:25:03 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$
    2009-06-11 17:23:18 ----HDC---- D:\WINDOWS\$NtUninstallKB968537$
    2009-06-11 13:49:21 ----D---- D:\WINDOWS\A6W_DATA
    2009-06-11 13:49:21 ----A---- D:\WINDOWS\A6W.INI
    2009-06-06 15:44:19 ----A---- D:\WINDOWS\WORDPAD.INI
    2009-05-08 12:30:36 ----D---- D:\Program Files\MSXML 4.0
    2009-05-07 19:26:35 ----A---- D:\WINDOWS\system32\sqlite3.dll
    2009-05-07 19:26:35 ----A---- D:\WINDOWS\system32\ascbalon.dll
    2009-05-07 19:26:34 ----D---- D:\Program Files\Ascentive
    2009-05-07 19:26:34 ----A---- D:\WINDOWS\system32\SQLiteWrapper.dll
    2009-05-07 19:26:34 ----A---- D:\WINDOWS\system32\ConTest.dll
    2009-05-06 09:52:42 ----D---- D:\WINDOWS\system32\appmgmt
    2009-05-05 18:08:37 ----D---- D:\WINDOWS\system32\KB905474
    2009-04-29 14:03:18 ----A---- D:\WINDOWS\ntbtlog.txt
    2009-04-28 13:08:18 ----HDC---- D:\WINDOWS\$NtUninstallKB961503$
    2009-04-26 16:25:39 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$
    2009-04-26 16:25:19 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$
    2009-04-26 16:24:55 ----HDC---- D:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-04-26 16:24:51 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-04-26 16:24:42 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-04-25 21:55:07 ----N---- D:\WINDOWS\system32\spmsg.dll
    2009-04-25 21:55:06 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$
    2009-04-25 21:54:44 ----D---- D:\Program Files\Windows Media Connect 2
    2009-04-25 21:54:31 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
    2009-04-25 21:53:33 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
    2009-04-25 21:52:56 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
    2009-04-25 21:44:26 ----D---- D:\WINDOWS\pss
    2009-04-25 17:03:16 ----D---- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2009-04-25 17:03:04 ----A---- D:\WINDOWS\system32\DSETUP.dll
    2009-04-25 17:03:04 ----A---- D:\WINDOWS\system32\DolbyHph.dll
    2009-04-25 17:03:04 ----A---- D:\WINDOWS\system32\atl71.dll
    2009-04-25 17:03:03 ----D---- D:\Program Files\NVIDIA Corporation
    2009-04-15 18:26:48 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$
    2009-04-15 18:26:42 ----HDC---- D:\WINDOWS\$NtUninstallKB961373$
    2009-04-15 18:25:28 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$
    2009-04-15 18:25:20 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$
    2009-04-15 18:25:15 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
    2009-04-15 18:25:06 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$
    2009-04-15 18:22:36 ----N---- D:\WINDOWS\system32\xpsp4res.dll
    2009-04-14 14:23:26 ----A---- D:\WINDOWS\system32\hidserv.dll

    ======List of files/folders modified in the last 3 months======

    2009-07-07 09:14:52 ----D---- D:\WINDOWS\Prefetch
    2009-07-07 09:14:39 ----RD---- D:\Program Files
    2009-07-07 07:53:28 ----D---- D:\WINDOWS\system32\CatRoot2
    2009-07-06 22:31:12 ----A---- D:\WINDOWS\SchedLgU.Txt
    2009-07-05 23:32:09 ----A---- D:\WINDOWS\NeroDigital.ini
    2009-07-05 20:40:57 ----A---- D:\WINDOWS\ulead32.ini
    2009-07-05 12:50:30 ----D---- D:\WINDOWS\system32\config
    2009-07-01 19:25:09 ----HD---- D:\WINDOWS\inf
    2009-07-01 14:43:44 ----D---- D:\WINDOWS
    2009-07-01 12:51:26 ----D---- D:\WINDOWS\system32\drivers
    2009-07-01 12:49:05 ----SHD---- D:\WINDOWS\Installer
    2009-07-01 12:49:02 ----D---- D:\WINDOWS\WinSxS
    2009-06-30 13:50:02 ----D---- D:\Program Files\Internet Explorer
    2009-06-30 11:10:33 ----SHD---- D:\System Volume Information
    2009-06-30 11:10:33 ----D---- D:\WINDOWS\system32\Restore
    2009-06-30 11:05:32 ----D---- D:\WINDOWS\system32
    2009-06-30 11:03:22 ----A---- D:\WINDOWS\system.ini
    2009-06-30 11:01:04 ----D---- D:\WINDOWS\AppPatch
    2009-06-30 11:01:01 ----D---- D:\Program Files\Common Files
    2009-06-29 18:08:15 ----A---- D:\WINDOWS\win.ini
    2009-06-29 17:50:38 ----HD---- D:\Program Files\InstallShield Installation Information
    2009-06-24 22:18:20 ----D---- D:\WINDOWS\system32\Setup
    2009-06-16 16:26:12 ----A---- D:\WINDOWS\RTacDbg.txt
    2009-06-16 16:06:41 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
    2009-06-11 17:27:51 ----A---- D:\WINDOWS\imsins.BAK
    2009-06-11 17:27:49 ----RSHDC---- D:\WINDOWS\system32\dllcache
    2009-06-11 17:27:40 ----HD---- D:\WINDOWS\$hf_mig$
    2009-06-11 17:24:32 ----D---- D:\WINDOWS\system32\en-us
    2009-06-11 08:52:48 ----SD---- D:\WINDOWS\Downloaded Program Files
    2009-06-11 07:31:53 ----D---- D:\WINDOWS\system32\CatRoot
    2009-06-01 22:10:26 ----D---- D:\Program Files\dl_Cats
    2009-06-01 09:51:12 ----A---- D:\WINDOWS\system32\MRT.exe
    2009-05-14 15:18:54 ----D---- D:\WINDOWS\network diagnostic
    2009-05-11 11:37:06 ----DC---- D:\WINDOWS\system32\DRVSTORE
    2009-05-11 11:36:20 ----A---- D:\WINDOWS\system32\lsdelete.exe
    2009-05-07 08:32:35 ----A---- D:\WINDOWS\system32\localspl.dll
    2009-05-05 18:08:37 ----SD---- D:\WINDOWS\Tasks
    2009-04-29 14:03:47 ----D---- D:\Documents and Settings
    2009-04-28 21:56:02 ----A---- D:\WINDOWS\system32\wininet.dll
    2009-04-28 21:56:02 ----A---- D:\WINDOWS\system32\webcheck.dll
    2009-04-28 21:56:01 ----N---- D:\WINDOWS\system32\pngfilt.dll
    2009-04-28 21:56:01 ----N---- D:\WINDOWS\system32\occache.dll
    2009-04-28 21:56:01 ----N---- D:\WINDOWS\system32\mstime.dll
    2009-04-28 21:56:01 ----A---- D:\WINDOWS\system32\urlmon.dll
    2009-04-28 21:56:01 ----A---- D:\WINDOWS\system32\url.dll
    2009-04-28 21:56:00 ----N---- D:\WINDOWS\system32\msrating.dll
    2009-04-28 21:56:00 ----N---- D:\WINDOWS\system32\mshtmled.dll
    2009-04-28 21:56:00 ----A---- D:\WINDOWS\system32\mshtml.dll
    2009-04-28 21:55:58 ----N---- D:\WINDOWS\system32\jsproxy.dll
    2009-04-28 21:55:58 ----A---- D:\WINDOWS\system32\msfeedsbs.dll
    2009-04-28 21:55:58 ----A---- D:\WINDOWS\system32\msfeeds.dll
    2009-04-28 21:55:57 ----N---- D:\WINDOWS\system32\iernonce.dll
    2009-04-28 21:55:57 ----A---- D:\WINDOWS\system32\iertutil.dll
    2009-04-28 21:55:57 ----A---- D:\WINDOWS\system32\ieframe.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\ieencode.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\iedkcs32.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\ieaksie.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\ieakeng.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\extmgr.dll
    2009-04-28 21:55:56 ----N---- D:\WINDOWS\system32\dxtrans.dll
    2009-04-28 21:55:56 ----A---- D:\WINDOWS\system32\ieapfltr.dll
    2009-04-28 21:55:56 ----A---- D:\WINDOWS\system32\icardie.dll
    2009-04-28 21:55:55 ----N---- D:\WINDOWS\system32\dxtmsft.dll
    2009-04-28 21:55:55 ----A---- D:\WINDOWS\system32\advpack.dll
    2009-04-28 02:05:56 ----N---- D:\WINDOWS\system32\ie4uinit.exe
    2009-04-28 02:05:56 ----A---- D:\WINDOWS\system32\ieudinit.exe
    2009-04-25 21:54:43 ----D---- D:\Program Files\Windows Media Player
    2009-04-25 21:54:37 ----D---- D:\WINDOWS\Help
    2009-04-25 21:53:01 ----D---- D:\WINDOWS\system32\LogFiles
    2009-04-24 22:26:23 ----N---- D:\WINDOWS\system32\ieakui.dll
    2009-04-15 19:36:42 ----D---- D:\WINDOWS\system32\wbem
    2009-04-15 18:26:23 ----D---- D:\WINDOWS\ie7updates
    2009-04-15 16:55:34 ----D---- D:\Documents and Settings\Byros\Application Data\Adobe
    2009-04-15 07:51:25 ----A---- D:\WINDOWS\system32\rpcrt4.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Intel Processor Driver; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 nvport;NVIDIA PORT IO Control Driver; \??\D:\WINDOWS\system32\Drivers\nvport.sys []
    R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-09 21035]
    R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 EAPPkt;Realtek EAPPkt Protocol; D:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
    R3 ati2mtag;ati2mtag; D:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
    R3 E100B;Intel(R) PRO Network Connection Driver; D:\WINDOWS\System32\DRIVERS\e100b325.sys [2006-10-31 165760]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    R3 mouhid;Mouse HID Driver; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2005-10-17 9856]
    R3 tbcspud;Santa Cruz Driver; D:\WINDOWS\system32\drivers\tbcspud.sys [2003-06-23 149632]
    R3 tbcwdm;Santa Cruz WDM Driver; D:\WINDOWS\system32\drivers\tbcwdm.sys [2003-06-23 554304]
    R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); D:\WINDOWS\System32\DRIVERS\A3AB.sys [2007-05-24 547744]
    S3 catchme;catchme; \??\D:\DOCUME~1\Byros\LOCALS~1\Temp\catchme.sys []
    S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; D:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-07-18 306688]
    S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2009-01-13 598016]
    R2 dlcx_device;dlcx_device; D:\WINDOWS\system32\dlcxcoms.exe [2006-11-03 537480]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-11 953168]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
    R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
    S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
    Hopefully this can show a bad registry entry or something... thanks again sooo much
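An added example, not from the thread or from RSIT/ComboFix: a small Python triage pass over the kind of log posted above. It parses the autorun, driver and service entries, pulls out each binary path and the trailing "[date size]" metadata, and flags entries with empty "[]" metadata or binaries under a user profile or Temp directory. The function names are mine, the sample input is a handful of lines copied from the log above, and the reading that an empty "[]" means the tool recorded no date/size for the file is taken from the log format itself, not from RSIT documentation.

```python
"""Triage helper for RSIT/ComboFix-style startup, driver and service listings.

Added example (not part of the thread or of any tool named in it). It walks
the "[HKEY...]" autorun sections and the "List of drivers/services" sections,
extracts each entry's binary path and the "[date size]" metadata the log
prints after it, and flags what a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Drive-letter path up to the first executable-looking extension; this drops
# trailing arguments such as " -m" and the NT "\??\" prefix some drivers carry.
_PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|dat|scr|cpl))(?=\s|$)", re.IGNORECASE)
# Trailing "[2009-03-30 96104]" or "[]" metadata block.
_META_RE = re.compile(r"\[([^\]]*)\]\s*$")
# "R1 avgio;avgio; <path>" driver/service rows: state, start type, name, display name.
_SVC_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);\s*(.*)$")

# Lowercase substrings of locations where autostart binaries deserve a second look.
SUSPICIOUS_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                   "\\documents and settings\\", "\\docume~1\\", "\\recycler\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    meta: str  # "" when the log printed an empty "[]"


def parse_entries(text: str) -> List[Entry]:
    """Return every entry that ends in a [..] metadata block, tagged with its section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY") or line.startswith("======"):
            section = line.strip("[]= ")
            continue
        meta_m = _META_RE.search(line)
        if not meta_m:
            continue  # firewall rows, file listings and headers carry no trailing [..]
        meta = meta_m.group(1).strip()
        body = line[:meta_m.start()].strip()
        path_m = _PATH_RE.search(body)
        if not path_m:
            continue
        path = path_m.group(1)
        svc = _SVC_RE.match(body)
        if svc:
            name = svc.group(3)                      # service/driver short name
        elif body.startswith('"'):
            name = body[1:body.index('"', 1)]        # "SoundMan"=... style Run values
        else:
            name = body[:path_m.start()].rstrip(" -") or path.rsplit("\\", 1)[-1]
        entries.append(Entry(section, name, path, meta))
    return entries


def flags_for(entry: Entry) -> List[str]:
    """Reasons a helper would check this entry; empty list means nothing stood out."""
    flags = []
    if entry.meta == "":
        flags.append("no date/size recorded for the file")
    if any(d in entry.path.lower() for d in SUSPICIOUS_DIRS):
        flags.append("binary lives in a user-profile or Temp directory")
    return flags


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Keep only flagged entries. A flag is a prompt to verify the file, not a verdict:
    legitimate tools also load drivers from Temp, and this log was taken right after
    ComboFix had run."""
    result = []
    for e in entries:
        f = flags_for(e)
        if f:
            result.append((e, f))
    return result


# Sample input: lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
D:\Program Files\Ascentive\Performance Center\ApcMain.exe -m []

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S3 catchme;catchme; \??\D:\DOCUME~1\Byros\LOCALS~1\Temp\catchme.sys []
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
"""

if __name__ == "__main__":
    for entry, flags in triage(parse_entries(SAMPLE_LOG)):
        print(f"{entry.name:<12} {entry.path}")
        for f in flags:
            print(f"    - {f}")
```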
     
  6. d4rkn1ght

    d4rkn1ght Member

    Joined:
    Jan 14, 2009
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    16
    Hey lops444

    Hmmm... your log shows some questionable points...

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects
    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    • Post the log here.

    Best Regards :D
     
  7. lops444

    lops444 Member

    Joined:
    Jun 30, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    I just ran Malwarebytes, and used the settings you suggested. I performed a full scan, and here is the log... it found nothing..
    Malwarebytes' Anti-Malware 1.39
    Database version: 2421
    Windows 5.1.2600 Service Pack 3

    7/15/2009 10:05:27 PM
    mbam-log-2009-07-15 (22-05-27).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 222133
    Time elapsed: 1 hour(s), 20 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I noticed something new occurring now, if this helps... since I've installed both the suggested spyware remover (Malwarebytes) and Avira, my computer is running slower. Also, now when I click to shut down, my computer doesn't shut down, but restarts. The other day when I tried to run Task Manager, it wouldn't let me.. But it does now.. any further help?
    thanks
     
  8. lops444

    lops444 Member

    Joined:
    Jun 30, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    so you guys can't find anything??
     
  9. onyxVort

    onyxVort Member

    Joined:
    Sep 11, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    I know it has been a while and this could be off base, but I fixed a similar problem. Go to Start > Control Panel > Administrative Tools > Computer Management > Device Manager > IDE Controllers > Primary (and Secondary) controllers. Right-click and choose Properties, then click the Advanced Settings tab. The dropdown box should be in DMA mode. If it is in PIO mode your computer will barely run but will show no problems in any virus or PC health check. I have been seeing this a lot lately, and the problem always presents first with stuttered or jittery sound at startup. If it is not in PIO mode this is not your answer, but if it is, the only way to fix it is to uninstall the IDE Primary and/or Secondary controllers that have defaulted to PIO. When you reboot the computer afterwards, Windows will automatically reinstall them with the settings back on DMA.
     