Emergency computer just died.

pip1011261

pip1011261

New Member
Hi, not sure if it is virus or spyware issue but here looks the best place to start.

5 minutes ago my computer was working fine no problems and no virus spyware etc.......

I plugged my camera in to transfer some pics and it wasnt coming up on the computer. I closed all open applications no problem. Tried to restart the computer and no response. So i held to power button to turn off so i could restart. Now on restart it doesnt get past the "system is starting" "to interrupt normal startup press enter" screen, also pressing enter doesnt do anything either....it is just frozen there. I turned off by pressing power button unplugged from wall for a few minutes and tried again....no luck.

Can anyone help me here.........PLEASE........
 
Sorry for the double post........i just remembered i moved my usm storage device so i checked it and the usb plug wasnt connected properly.......would this cause my computer to stall like this.........cause now it is on again......i will post a HJT anyway
 
Hmm maybe it's a hardware problem? Overheating?
Anyway, please if you are able, we are going to first search for viruses.
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Logfile of HijackThis v1.99.1
Scan saved at 11:05:44 AM, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\pIXSELL\My Documents\Downloads\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\NAVIGA~1\MouseElf.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1188078927968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188078905859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CFE94C6-1B6E-4DC3-83B3-94416EC93BF8}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
 
Hello!
Nothing related to your problem and you fixed it anyway.
But I found couple of nasties and we will clean it as it can even expand.
Please open HijackThis again and choose Do a system scan only.
Place a check next to these entries:
  • O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html
  • O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/link.html
  • O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html (file missing) (HKCU
  • O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html (file missing) (HKCU)
  • O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
Now please click Fix.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In next post ComboFix log and HijackThis log ( fresh ) to see if you're clean.
P.S. Have you noticed any Internet problems so far?
 
Before i do this, will it effect the AEE application (AEE is a program i use).....i use this application for grabbing my email addresses from different files from my computer and shared network computers when sending our company's database mailing lists as our mailer is getting very full and unorganised making it difficult to keep track of things.
 
These entries shouldn't affect it, as they are stored in wrong folder and do nothing. However,if they do, you can either do two things:
1.) Go to Backups in HijackThis log and restore that entries,
and 2.) just reinstall the AEE program.
The first option is better.
 
Ok leave them but run ComboFix and post it's report. Then we will see is it necessery to clean them.
What would leaving them mean? Nothing nasty no, just unecessery in that folder.
In fact ok leave them. My mistake it doesn't cause anything...bad.
Just slows down your computer I guess.
 
ok here is the combo fix log.......also internet is running ok....i get a few times a day asking to try again connection in IE but msn stays signed in.....thats just weird, but after combofix run i had to repair my connection as it wasnt working at all.

ComboFix 08-01-15.4 - pIXSELL 2008-01-15 11:48:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT 1:00]
Running from: C:\Documents and Settings\pIXSELL\My Documents\Downloads\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sitdat5.dll
C:\WINDOWS\system32\sitinfo.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 11:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 09:35 . 2008-01-11 09:36 <DIR> d-------- C:\Program Files\Advanced Email Extractor PRO
2008-01-11 09:35 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-01-02 19:49 . 2008-01-02 19:50 <DIR> d-------- C:\Documents and Settings\pIXSELL\Application Data\VideoEgg
2007-12-30 00:07 . 2008-01-10 12:08 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-12-30 00:07 . 2007-12-30 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-29 22:15 . 2004-08-04 05:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-12-29 22:05 . 2007-12-29 22:05 <DIR> d-------- C:\Program Files\PIXELA
2007-12-29 22:04 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-29 22:04 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-29 22:04 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-29 22:04 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-29 22:04 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-29 21:57 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-29 21:57 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-29 21:55 . 2004-08-04 06:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-29 21:55 . 2004-08-04 06:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-22 03:07 . 2007-12-22 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-21 23:34 . 2007-12-21 23:34 3,532 --a------ C:\drmHeader.bin
2007-12-21 13:19 . 2007-12-21 13:19 <DIR> d-------- C:\Program Files\WAYN
2007-12-21 13:19 . 2007-12-21 13:19 <DIR> d-------- C:\Documents and Settings\pIXSELL\Application Data\WAYN
2007-12-18 23:35 . 2007-12-18 23:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-18 01:31 . 2007-12-18 01:32 <DIR> d-------- C:\Documents and Settings\pIXSELL\Application Data\GetRightToGo
2007-12-18 01:23 . 2007-12-18 01:23 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-18 01:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-18 00:57 . 2007-12-18 01:04 <DIR> d-------- C:\Program Files\GameShadow
2007-12-16 11:00 . 2007-12-16 11:00 <DIR> d-------- C:\Program Files\PCPitstop
2007-12-16 10:51 . 2007-12-16 10:51 <DIR> d-------- C:\Program Files\Maxis
2007-12-15 02:10 . 2008-01-10 18:16 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:53 --------- d-----w C:\Documents and Settings\pIXSELL\Application Data\uTorrent
2008-01-13 22:19 --------- d-----w C:\Documents and Settings\pIXSELL\Application Data\Skype
2008-01-11 17:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-09 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-26 20:54 --------- d-----w C:\Documents and Settings\pIXSELL\Application Data\LimeWire
2007-12-23 15:52 --------- d--h--w C:\Documents and Settings\pIXSELL\Application Data\Creative
2007-12-23 15:44 --------- d-----w C:\Program Files\Creative
2007-12-18 19:00 --------- d-----w C:\Program Files\MSN Messenger
2007-12-18 19:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-14 17:36 --------- d-----w C:\Program Files\pIXSELL
2007-12-13 00:59 --------- d-----w C:\Program Files\UltraMon
2007-12-13 00:59 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2007-12-13 00:59 --------- d-----w C:\Documents and Settings\pIXSELL\Application Data\Realtime Soft
2007-12-13 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-12-10 16:38 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-12-10 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-12-09 00:27 --------- d-----w C:\Program Files\Diskeeper Corporation(2)
2007-12-09 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation(2)
2007-12-06 18:25 --------- d-----w C:\Program Files\DivX
2007-12-04 23:37 --------- d-----w C:\Program Files\PC Wizard 2007
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-29 15:50 4,096 ----a-w C:\WINDOWS\system32\sysres.dll
2007-11-29 15:50 38,567 ----a-w C:\WINDOWS\system32\pcpbios.exe
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-22 00:41 --------- d-----w C:\Program Files\Adobe Type Manager
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 17:26 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-11-07 17:26 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 16:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:39 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 16:37 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2003-02-28 11:32 11,776 ----a-w C:\WINDOWS\inf\dt154stickoem_wxp.exe
2002-11-14 21:32 55,808 ----a-w C:\WINDOWS\inf\devcon154stick.exe
2006-10-01 14:30 104 --sh--r C:\WINDOWS\system32\BA23C75FDC.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 08:56 380416 C:\WINDOWS\system32\irprops.cpl]
"tgcmd"="" []
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 23:27 32768]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 22:08 57344 C:\WINDOWS\system32\ico.exe]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2003-08-01 09:28 474624]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 09:13 684032]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 18:35 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"mouseElf"="C:\PROGRA~1\NAVIGA~1\MouseElf.EXE" [2004-09-20 07:16 196608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-07 18:19 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-12-07 23:37 1680883]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-06 18:08 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2003-09-30 17:05 536576 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 cpuz126;cpuz126;C:\Program Files\PC Wizard 2007\pcwiz32.sys [2006-12-14 13:00]
S3 DT154_A02;Sinus 154 data II Driver;C:\WINDOWS\system32\DRIVERS\TS154USB.sys []
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 07:01]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 21:55]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 21:25]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 11:53:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 11:54:07
ComboFix-quarantined-files.txt 2008-01-15 10:53:52
.
2007-07-10 22:43:55 --- E O F ---
 
Ok it looks like it killed couple of nasties. You are now clean.
However you should have disconnected from the Internet, but it's easy to establish a connection again so... I am sorry not to warn you.
Ok, don't fix that HijackThis entries now, ComboFix found that only 1 of them was unecessery *shy, sorry *.
So good luck!
GameMaster
 
You must log in or register to reply here.
Back
Top