Hijack Log

TheKeVo

hey, long time since I've been on here, just wondering if everything is doing okay on this comp that I recently put together

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:31 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Ventrilo\Ventrilo.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3702 bytes
 
1. - Pls remove Viewpoint Manager - Control Panel > Add / remove programs > Remove Viewpoint Manager.

2. - Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your reply:
  • Post the combo fix log
  • Post a Fresh Hijackthis log

Thank you
 
ComboFix 08-08-12.01 - Kevin Mullen 2008-08-13 1:48:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2565 [GMT -7:00]
Running from: E:\Documents and Settings\Kevin Mullen\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 22:42 . 2008-08-12 22:42 <DIR> d-------- E:\Program Files\Trend Micro
2008-08-12 19:40 . 2008-08-12 19:40 <DIR> d-------- E:\Program Files\Apple Software Update
2008-08-12 19:39 . 2008-08-12 19:39 <DIR> d-------- E:\Program Files\Common Files\Adobe
2008-08-12 15:08 . 2008-08-12 15:08 42,320 --a------ E:\WINDOWS\system32\xfcodec.dll
2008-08-11 17:23 . 2008-08-12 19:39 <DIR> d-------- E:\Program Files\Common Files\Adobe(2)
2008-08-11 17:23 . 2008-08-12 19:39 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-08-11 16:35 . 2008-08-11 17:11 <DIR> d-------- E:\Documents and Settings\Kevin Mullen\Application Data\AdobeUM
2008-08-09 16:24 . 2008-08-12 19:39 <DIR> d-------- E:\Program Files\Common Files\Real
2008-08-07 14:21 . 2008-08-12 19:40 <DIR> d-------- E:\Program Files\Apple Software Update(2)
2008-08-06 00:25 . 2008-08-06 00:25 <DIR> d-------- E:\WINDOWS\Sun
2008-07-31 16:55 . 2008-07-31 16:55 <DIR> d-------- E:\Program Files\iPod
2008-07-31 09:39 . 2008-07-31 09:40 <DIR> d-------- E:\Program Files\CDisplay
2008-07-30 12:56 . 2008-07-30 12:56 <DIR> d-------- E:\Documents and Settings\Kevin Mullen\Application Data\Hamachi
2008-07-28 12:29 . 2008-07-28 12:29 <DIR> d--h----- E:\$AVG8.VAULT$
2008-07-26 00:43 . 2008-07-27 00:21 <DIR> d-------- E:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-23 17:44 . 2008-07-23 17:44 <DIR> d-------- E:\Documents and Settings\Kevin Mullen\Application Data\acccore
2008-07-23 17:44 . 2008-08-13 00:11 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-23 17:44 . 2008-07-23 17:44 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-23 17:44 . 2008-07-23 17:44 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\AOL
2008-07-23 17:44 . 2008-07-23 17:44 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\acccore
2008-07-23 17:43 . 2008-07-23 17:44 <DIR> d-------- E:\Program Files\Common Files\AOL
2008-07-23 17:43 . 2008-07-23 17:44 <DIR> d-------- E:\Program Files\AIM6
2008-07-23 17:43 . 2008-07-23 17:44 462 --ah----- E:\IPH.PH
2008-07-13 16:26 . 2008-08-12 19:43 <DIR> d-------- E:\WINDOWS\system32\drivers\Avg
2008-07-13 16:26 . 2008-07-13 16:26 <DIR> d-------- E:\Program Files\AVG
2008-07-13 16:26 . 2008-07-13 16:26 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\avg8
2008-07-13 16:26 . 2008-07-13 16:26 96,520 --a------ E:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-13 16:26 . 2008-07-13 16:26 76,040 --a------ E:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-13 16:26 . 2008-07-13 16:26 10,520 --a------ E:\WINDOWS\system32\avgrsstx.dll
2008-07-13 16:08 . 2008-07-13 16:08 <DIR> d-------- E:\Documents and Settings\Kevin Mullen\Application Data\COWON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 08:48 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\Xfire
2008-08-13 07:36 --------- d-----w E:\Program Files\Steam
2008-08-13 02:40 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\uTorrent
2008-08-13 02:39 --------- d-----w E:\Program Files\DivX
2008-08-04 03:41 --------- d-----w E:\Program Files\Warcraft III
2008-08-02 05:47 --------- d-----w E:\Program Files\World of Warcraft
2008-07-31 23:55 --------- d-----w E:\Program Files\iTunes
2008-07-29 03:08 --------- d-----w E:\Program Files\JetAudio
2008-07-14 19:54 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-07-13 22:19 --------- d-----w E:\Program Files\Java
2008-07-12 03:10 --------- d-----w E:\Program Files\Diablo II
2008-07-08 09:34 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\DivX
2008-07-04 23:30 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-07-04 23:30 --------- d-----w E:\Program Files\Common Files\COWON
2008-07-03 16:11 21,840 ----a-w E:\WINDOWS\system32\SIntfNT.dll
2008-07-03 16:11 17,212 ----a-w E:\WINDOWS\system32\SIntf32.dll
2008-07-03 16:11 12,067 ----a-w E:\WINDOWS\system32\SIntf16.dll
2008-07-03 16:05 94,208 ----a-w E:\WINDOWS\DIIUnin.exe
2008-07-03 16:05 2,829 ----a-w E:\WINDOWS\DIIUnin.pif
2008-07-02 18:38 --------- d-----w E:\Program Files\Common Files\Java
2008-06-29 22:18 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-06-29 05:13 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\Ventrilo
2008-06-28 17:32 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment
2008-06-28 17:21 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 19:27 --------- d-----w E:\Program Files\EA GAMES
2008-06-26 18:17 --------- d-----w E:\Program Files\Sony
2008-06-26 18:17 --------- d-----w E:\Program Files\SlySoft
2008-06-26 07:52 --------- d-----w E:\Program Files\uTorrent
2008-06-26 07:52 --------- d-----w E:\Program Files\Spybot - Search & Destroy
2008-06-26 07:48 --------- d-----w E:\Program Files\BestGameEver
2008-06-26 07:18 --------- d-----w E:\Program Files\Bonjour
2008-06-26 07:18 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\Apple Computer
2008-06-26 07:18 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 07:17 --------- d-----w E:\Program Files\QuickTime
2008-06-26 07:17 --------- d-----w E:\Program Files\Common Files\Apple
2008-06-26 07:17 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 04:17 --------- d-----w E:\Documents and Settings\LocalService\Application Data\Xfire
2008-06-26 04:04 --------- d-----w E:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-26 03:38 --------- d-----w E:\Program Files\Ventrilo
2008-06-26 03:18 --------- d-----w E:\Program Files\TrackMania United
2008-06-26 03:16 --------- d-----w E:\Program Files\TmUnitedForever
2008-06-26 03:05 --------- d-----w E:\Documents and Settings\All Users\Application Data\Philips Intelligent Agent
2008-06-26 01:19 --------- d-----w E:\Program Files\Marvell
2008-06-26 01:14 315,392 ----a-w E:\WINDOWS\HideWin.exe
2008-06-26 01:14 --------- d-----w E:\Program Files\Realtek
2008-06-26 01:13 --------- d-----w E:\Program Files\ITE
2008-06-26 01:11 --------- d-----w E:\Documents and Settings\Kevin Mullen\Application Data\InstallShield
2008-06-26 01:06 --------- d-----w E:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w E:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w E:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w E:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 18:31 161,096 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 13:10 272,128 ------w E:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 17:22 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-05-30 17:22 129,784 ------w E:\WINDOWS\system32\pxafs.dll
2008-05-30 17:22 120,056 ------w E:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:22 118,520 ------w E:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:19 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2008-05-16 21:01 86,016 ----a-w E:\WINDOWS\system32\nvmctray.dll
2008-05-16 18:48 446,464 ----a-w E:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-08-13_ 0.16.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-13 08:47:27 53,248 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-08-13 08:47:28 12,800 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-08-13 08:47:28 473,600 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-08-13 08:47:24 2,676,224 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:25 2,846,720 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:25 563,712 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:25 567,296 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:26 576,000 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:26 577,024 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:26 577,536 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:26 577,536 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:27 578,560 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:28 578,560 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-13 08:47:28 145,920 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-08-13 08:47:28 159,232 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-08-13 08:47:29 364,544 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-08-13 08:47:29 178,176 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-08-13 08:47:27 223,232 ----a-w E:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2005-02-06 02:45:26 2,222,800 ----a-w E:\WINDOWS\LastGood\system32\d3dx9_24.dll
+ 2005-03-19 00:19:58 2,337,488 ----a-w E:\WINDOWS\LastGood\system32\d3dx9_25.dll
+ 2006-02-03 15:41:26 14,032 ----a-w E:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2006-09-28 23:03:28 15,128 ----a-w E:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2005-03-18 23:23:10 53,248 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 23:23:10 12,800 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 23:23:14 473,600 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 19:38:58 2,676,224 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:10 145,920 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 23:23:10 159,232 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 23:23:14 364,544 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 23:23:12 178,176 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 23:23:14 223,232 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 22:53:06 2,846,720 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 02:32:54 563,712 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 00:23:14 567,296 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 22:15:56 576,000 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 00:21:34 577,024 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 21:11:52 577,536 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 00:20:50 577,536 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 14:40:48 578,560 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 18:27:50 578,560 ----a-w E:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2007-03-12 23:42:30 1,123,696 ----a-w E:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 23:45:16 1,124,720 ----a-w E:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-03-15 23:57:58 443,752 ----a-w E:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 23:45:16 443,752 ----a-w E:\WINDOWS\system32\d3dx10_34.dll
+ 2005-05-26 22:34:52 2,297,552 ----a-w E:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-23 02:59:04 2,319,568 ----a-w E:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-06 01:09:18 2,323,664 ----a-w E:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 15:43:16 2,332,368 ----a-w E:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 19:40:58 2,388,176 ----a-w E:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 23:05:20 2,414,360 ----a-w E:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 20:06:18 3,426,072 ----a-w E:\WINDOWS\system32\d3dx9_32.dll
+ 2007-03-12 23:42:30 3,495,784 ----a-w E:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 23:45:16 3,497,832 ----a-w E:\WINDOWS\system32\d3dx9_34.dll
+ 2006-02-03 15:41:26 14,032 ----a-w E:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 19:42:18 15,128 ----a-w E:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-06-01 02:29:42 18,280 ----a-w E:\WINDOWS\system32\x3daudio1_2.dll
+ 2006-02-03 15:42:06 230,096 ----a-w E:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 19:39:48 229,584 ----a-w E:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 14:24:16 230,168 ----a-w E:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 16:30:32 236,824 ----a-w E:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 23:05:56 237,848 ----a-w E:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 19:02:00 251,672 ----a-w E:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 22:27:30 255,848 ----a-w E:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-05 01:55:00 261,480 ----a-w E:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-01 02:30:22 266,088 ----a-w E:\WINDOWS\system32\xactengine2_8.dll
+ 2006-03-31 19:39:24 62,672 ----a-w E:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 16:30:14 62,744 ----a-w E:\WINDOWS\system32\xinput1_2.dll
+ 2007-04-05 01:53:42 81,768 ----a-w E:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-06 01:07:30 61,136 ----a-w E:\WINDOWS\system32\xinput9_1_0.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 16:26 1232152]
"AppleSyncNotifier"="E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 E:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-26 23:20 16844800 E:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 E:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
--a------ 2006-04-21 10:46 420864 C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 E:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\Program Files\\Steam\\steamapps\\kmullen\\counter-strike source\\hl2.exe"=
"E:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"E:\\Program Files\\Steam\\steamapps\\kmullen\\source sdk base\\hl2.exe"=
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"E:\\Program Files\\AIM6\\aim6.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\Steam\\steamapps\\kmullen\\half-life 2 deathmatch\\hl2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 16:26]
R2 avg8emc;AVG Free8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-13 16:26]
R2 avg8wd;AVG Free8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-13 16:26]
R2 AvgTdiX;AVG Free8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-13 16:26]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - E:\Documents and Settings\Kevin Mullen\Application Data\Mozilla\Firefox\Profiles\wo6tdl53.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 01:49:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 1:50:13
ComboFix-quarantined-files.txt 2008-08-13 08:50:09
ComboFix2.txt 2008-08-13 07:16:21

Pre-Run: 176,502,067,200 bytes free
Post-Run: 176,492,838,912 bytes free

251 --- E O F --- 2008-07-13 22:15:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:10 AM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3758 bytes
 
I randomly got disconnected in a cs:source game and got an error:
NET_SendPacket Warning: UNKNOWN ERROR : (IP ADDRESS HERE)
 
Alright

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 15, 2008 03:41:20
Records in database: 1094297
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 97532
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:49:03


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67147977.exe Infected: Trojan-Downloader.Win32.VB.bjk 1

The selected area was scanned.
 
OK,

Now, because of my basic training, I can't help you any further.

Pls be patient and wait for Punk, Gamemaster or ceewi1 to post further instructions.
 