Jump to content

BlackWiddow

Anti-Spyware Brigade
  • Content Count

    1,852
  • Joined

  • Last visited

About BlackWiddow

  • Rank
    Fear the Bite!
  • Birthday 07/03/1987

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    PA

Previous Fields

  • System Specifications:
    Blue Doom Power Up Case Ultra X-Connect 400W PSU Intel Celeron 340 2.93Ghz 533FSB Socket 478 1024MB PC3200 DDR 400MHz CL3 PCCHIPS P25G V3.0 P4M800CE 478 Seagate 160GB EIDE HD 7200/8MB/ATA-100 52X CD-RW/16X DVD-ROM Combo Drive GeForce FX5500 256MB DDR AGP W/TV & DVI Phillips TV7135 WMD Video Capture Windows XP Home/ openSUSE 10.2
  • Teams:
    PC Builders Club
  1. dont sit and talk to them long, you will go crazy, lol. Yeah, safe mode only runs the basic functions, so it reverts back to usb1.0 as usb 2.0 requires drivers.
  2. try plugging in an external monitor to the laptop and then try to boot up and see what happens. other than that, go to safe mode and back up your data and format the hard drive and reinstall windows. You may be looking at damage to the graphics adapter, I cant be too sure without looking at it.
  3. in safe mode, try to restore your computer back to the day before you installed SP3 and see if that helps. If it does, then thats the issue. I would also suggest while you are in safe mode to right click on my computer and select properties. Then click on the hardward tab and open the device manager. Check under your display adapters and see if there are any issues. You can try to update the drivers there, or uninstall the adapter and reboot. When in safe mode the computer is bypassing all unnecessary drivers/hardware, so if there is a corrupted driver, then in safe mode it defaults to the generic driver. Also, explain what happens when it wont boot, do you get the windows logo and it just wont get to the welcome screen, or is everything just blank?
  4. really the best solution is more fans. Also, better heating components. the stock fans and heatsink might not be powerful enough, you will want to look for fans with a higher airflow rate. Also, the direction in which they are installed helps, you dont want two fans one opposite ends blowing in b/c you will trap hot air, pick a direction and make sure you have good airflow. If you want, you can replace the heatsink on the CPU as well, make sure you clean it off with an alchohol swap first, then apply new thermal paste and then the new heatsink. As Cobalt suggested, you can mod your case to allow for another fan. Water coolng systems are great for gaming, but if you arent comfortable with working on computers, I'd advise not doing that, or having somebody who knows what they are doing install it. Hope this helps!
  5. for starters, follow all the tips the test suggested, defrag and of course update your display drivers as suggested. Im still thinking that its a heat related issue. Do you feel confident in opening the case of your computer ( or will that void your warranty?) If you wont be voiding your warranty, then open the case and take a look at how many fans you have, and the placement of them. Also, download speedfan and check your temps, before playing, during ( minimise screen and read temps quickly) then after. If you find high temps, then try lowering the graphic settings in the games and try that. Also you can install some case fans to help airflow and lower the temps. btw..
  6. you may only be running one "program" at a time, but there may be many processes running in the background. Do a pit test and post the results for us http://forums.pcpitstop.com/index.php?act=techexpresshelp Also, Shutting down your computer isa good thing, but that wont prevent overheating while playing a game. poor air circulation/ lack of sufficent cooling while playing graphic intensive games can cause overheating. Even though you just bought the computer, it doesnt mean they used a powerful enough power supply to meet your needs, but just to barely get by. What brand and model computer did you buy? Downloading games from file sharing sites regardless of the comments can be dangerous and doesnt gaurantee that they are running as designed.
  7. any news? I guess no news is good news at this point.
  8. remove.iss and msdownload.tmp were there and now gone. everything s eems great, thanks!!
  9. ComboFix 09-01-10.03 - Jared 2009-01-12 7:43:18.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.579 [GMT -5:00] Running from: c:\documents and settings\Jared\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Jared\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 ))))))))))))))))))))))))))))))) . 2009-01-11 20:14 . 2009-01-11 20:14 <DIR> d-------- c:\windows\ERUNT 2009-01-11 20:07 . 2009-01-11 20:28 <DIR> d-------- C:\SDFix 2009-01-11 18:24 . 2009-01-11 18:24 <DIR> d-------- c:\program files\Trend Micro 2009-01-11 18:12 . 2006-09-18 17:55 109,744 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-11 18:12 . 2006-09-18 17:55 48,816 --a------ c:\windows\system32\S32EVNT1.DLL 2009-01-05 16:00 . 2009-01-05 16:00 <DIR> d-------- c:\program files\Craft Edge 2008-12-31 21:49 . 2008-12-31 21:49 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-31 20:27 . 2008-12-31 20:27 1,085,440 --a------ c:\windows\system32\rn.tmp 2008-12-26 21:28 . 2008-12-26 21:28 <DIR> d-------- c:\program files\Microprose 2008-12-26 09:58 . 2008-12-26 21:30 245 --a------ c:\windows\PowerReg.dat 2008-12-25 23:34 . 2008-12-25 23:59 <DIR> d-------- c:\documents and settings\Renee\Application Data\DeepBurner 2008-12-25 23:33 . 2008-12-25 23:33 <DIR> d-------- c:\program files\Astonsoft 2008-12-25 20:47 . 2008-12-25 20:47 584 --a------ c:\windows\eReg.dat 2008-12-25 20:31 . 2008-12-25 20:33 <DIR> d-------- c:\program files\Maxis 2008-12-25 20:27 . 2008-12-25 20:27 <DIR> d-------- c:\documents and settings\Renee\Application Data\PcCloneEx 2008-12-25 09:45 . 2008-12-26 14:34 <DIR> d-------- c:\documents and settings\Jared\Application Data\PcCloneEx 2008-12-25 09:44 . 2008-12-29 14:15 <DIR> d-------- c:\program files\PCCloneEX 2008-12-15 10:34 . 2008-12-16 08:53 <DIR> d-------- c:\documents and settings\Jared\Application Data\Media Player Classic 2008-12-15 10:33 . 2008-12-26 21:39 <DIR> d-------- c:\program files\K-Lite Codec Pack 2008-12-15 09:47 . 2008-12-15 09:47 <DIR> d-------- c:\documents and settings\Jared\Application Data\InterVideo 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\program files\InterVideo Information Service 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\program files\Common Files\Ulead 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-15 09:45 . 2006-05-11 18:41 654 --------- c:\windows\remove.iss 2008-12-15 09:44 . 2008-12-15 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-12-15 09:43 . 2008-12-15 09:43 <DIR> d-------- c:\program files\Common Files\InterVideo 2008-12-15 09:42 . 2008-12-15 09:43 <DIR> d-------- c:\program files\InterVideo 2008-12-15 09:39 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll 2008-12-15 09:35 . 2008-12-15 09:39 <DIR> d--h----- c:\windows\msdownld.tmp 2008-12-15 09:35 . 2008-12-15 09:35 <DIR> d-------- c:\windows\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 12:39 --------- d-----w c:\program files\Symantec AntiVirus 2009-01-12 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-12 01:23 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-11 23:12 --------- d-----w c:\program files\Symantec 2009-01-11 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-06 15:37 --------- d-----w c:\documents and settings\Jared\Application Data\Move Networks 2009-01-01 01:25 --------- d-----w c:\documents and settings\Jared\Application Data\BitTorrent 2008-12-27 02:28 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 14:42 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-04 00:47 --------- d-----w c:\program files\Common Files\Software Update Utility 2008-12-04 00:47 --------- d-----w c:\program files\AIM6 2008-12-04 00:46 --------- d-----w c:\program files\AIM Toolbar 2008-12-04 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar 2008-12-04 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2008-12-04 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2008-12-04 00:36 --------- d-----w c:\documents and settings\Renee\Application Data\Viewpoint 2008-12-04 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads 2008-11-26 13:05 --------- d-----w c:\program files\Microsoft Works 2008-11-24 12:04 --------- d-----w c:\program files\Common Files\AOL 2008-11-24 12:04 --------- d-----w c:\program files\AIM 2008-11-23 00:29 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-22 22:24 --------- d-----w c:\documents and settings\Renee\Application Data\acccore 2008-11-22 22:23 --------- d-----w c:\program files\Common Files\Nullsoft 2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP 2008-11-18 20:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-11-18 20:59 --------- d--h--r c:\documents and settings\Jared\Application Data\SecuROM 2008-11-18 20:10 --------- d-----w c:\program files\Atari 2008-11-18 20:10 --------- d-----w c:\documents and settings\Jared\Application Data\gnupg 2008-11-14 16:24 --------- d-----w c:\documents and settings\Jared\Application Data\Smith Micro 2008-11-14 16:22 --------- d-----w c:\program files\Verizon Wireless 2008-11-14 16:22 --------- d-----w c:\program files\Sierra Wireless 2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll 2008-10-27 15:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 15:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 15:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 15:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((( [email protected]_20.49.12.84 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-12 01:40:11 41,238 ----a-w c:\windows\system32\perfc009.dat + 2009-01-12 01:49:59 41,238 ----a-w c:\windows\system32\perfc009.dat - 2009-01-12 01:40:11 315,076 ----a-w c:\windows\system32\perfh009.dat + 2009-01-12 01:49:59 315,076 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Google Update"="c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-28 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCCloneEX"="c:\program files\PCCloneEX\PCCloneEX.EXE" [2008-12-25 5270528] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-10-24 125120] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Instant Wireless Configuration Utility.lnk - c:\program files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe [2008-03-25 4530176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-03-12 19:05 287040 c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-02-13 18:09 486856 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-11-28 13:31 133104 c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2006-08-14 14:41 114688 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2006-08-14 14:39 98304 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2006-08-14 14:38 94208 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\FTP Commander\\ftpcomm.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Atari\\AITD\\Alone.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-11 99376] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-10-24 116416] S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\drivers\LSWLUSB.sys [2008-03-25 54083] . Contents of the 'Scheduled Tasks' folder 2009-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1563985344-725345543-1004.job - c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-28 13:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {8A0C0E5F-A8A0-4E8A-BDA4-1D26DDF2483A} = 208.67.220.220,208.67.222.222 TCP: {D9DE133F-A050-4324-85DB-36125CA46CA8} = 208.67.220.220,208.67.222.222 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-12 07:44:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1409082233-1563985344-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:85,22,2f,64,be,43,09,e0,57,44,27,f0,80,f0,db,11,8a,8c,72,a8,e8, 3b,2f,4f,8e,53,4b,3c,18,79,48,e5,40,38,41,83,ab,3f,f3,f0,88,a2,c0,50,87,c4,\ "rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\igfxdev.dll . Completion time: 2009-01-12 7:46:42 ComboFix-quarantined-files.txt 2009-01-12 12:46:22 ComboFix2.txt 2009-01-12 01:50:09 Pre-Run: 47,491,878,912 bytes free Post-Run: 47,522,590,720 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 201 --- E O F --- 2008-12-26 19:39:00 -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, January 12, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, January 12, 2009 11:41:42 Records in database: 1607182 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ F:\ Scan statistics: Files scanned: 93962 Threat name: 4 Infected objects: 6 Suspicious objects: 0 Duration of the scan: 01:58:06 File name / Threat name / Threats count C:\Documents and Settings\Jared\My Documents\Downloads\PhotoShop CS3 Extended Keygen Activation\PhotoShop CS3 Extended Keygen Activation.exe Infected: Trojan-Downloader.Win32.Agent.mae 1 C:\Documents and Settings\Jared\My Documents\Downloads\PhotoShop CS3 Extended Keygen Activation\PhotoShop CS3 Extended Keygen Activation.exe Infected: Virus.Win32.Parite.b 1 C:\Documents and Settings\Jared\My Documents\Downloads\PhotoShop CS3 Extended Keygen Activation\PhotoShop CS3 Extended Keygen Activation.rar Infected: Trojan-Downloader.Win32.Agent.mae 1 C:\Documents and Settings\Jared\My Documents\Downloads\PhotoShop CS3 Extended Keygen Activation\PhotoShop CS3 Extended Keygen Activation.rar Infected: Virus.Win32.Parite.b 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxodhahvka.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.ivf 1 C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Patched.dy 1 The selected area was scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:22:32 PM, on 1/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\java.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203302168875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203471112593 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C0E5F-A8A0-4E8A-BDA4-1D26DDF2483A}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DE133F-A050-4324-85DB-36125CA46CA8}: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 7249 bytes
  10. Before following your last post, things seem ok. I am able to get into the c drive via the link in my computer and my antivirus is able to run. As for the other issues, I am not sure, but i havent run in to them yet. I will let you know when I finish your steps. Thanks
  11. SDfix SDFix: Version 1.240 Run by Jared on Sun 01/11/2009 at 08:18 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\autorun.inf - Deleted C:\DOCUME~1\Jared\LOCALS~1\Temp\tmpE6.tmp - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 20:28:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... disk error: C:\WINDOWS\system32\config\system, 0 scanning hidden registry entries ... disk error: C:\WINDOWS\system32\config\software, 0 disk error: C:\Documents and Settings\Jared\ntuser.dat, 0 scanning hidden files ... disk error: C:\WINDOWS\ please note that you need administrator rights to perform deep scan Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\FTP Commander\\ftpcomm.exe"="C:\\Program Files\\FTP Commander\\ftpcomm.exe:*:Enabled:ftpcomm" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "D:\\SETUP.EXE"="D:\\SETUP.EXE:*:Enabled:Alone In The Dark Setup" "C:\\Program Files\\Atari\\AITD\\Alone.exe"="C:\\Program Files\\Atari\\AITD\\Alone.exe:*:Enabled:Alone In The Dark" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin" "C:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Thu 20 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 18 Nov 2008 1,977 ...HR --- "C:\Documents and Settings\Jared\Application Data\SecuROM\UserData\securom_v7_01.bak" Finished! ComboFix ComboFix 09-01-10.03 - Jared 2009-01-11 20:36:18.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.632 [GMT -5:00] Running from: c:\documents and settings\Jared\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\msqpdxjmkxvsnj.sys c:\windows\system32\msqpdxodhahvka.dll c:\windows\system32\msrdo20.dll c:\windows\system32\rdocurs.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSQPDXSERV.SYS -------\Legacy_MYDNS -------\Service_MyDNS ((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 ))))))))))))))))))))))))))))))) . 2009-01-11 20:14 . 2009-01-11 20:14 <DIR> d-------- c:\windows\ERUNT 2009-01-11 20:07 . 2009-01-11 20:28 <DIR> d-------- C:\SDFix 2009-01-11 18:24 . 2009-01-11 18:24 <DIR> d-------- c:\program files\Trend Micro 2009-01-11 18:12 . 2006-09-18 17:55 109,744 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-11 18:12 . 2006-09-18 17:55 48,816 --a------ c:\windows\system32\S32EVNT1.DLL 2009-01-05 16:00 . 2009-01-05 16:00 <DIR> d-------- c:\program files\Craft Edge 2008-12-31 21:49 . 2008-12-31 21:49 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-31 20:27 . 2008-12-31 20:27 1,085,440 --a------ c:\windows\system32\rn.tmp 2008-12-26 21:28 . 2008-12-26 21:28 <DIR> d-------- c:\program files\Microprose 2008-12-26 09:58 . 2008-12-26 21:30 245 --a------ c:\windows\PowerReg.dat 2008-12-25 23:34 . 2008-12-25 23:59 <DIR> d-------- c:\documents and settings\Renee\Application Data\DeepBurner 2008-12-25 23:33 . 2008-12-25 23:33 <DIR> d-------- c:\program files\Astonsoft 2008-12-25 20:47 . 2008-12-25 20:47 584 --a------ c:\windows\eReg.dat 2008-12-25 20:31 . 2008-12-25 20:33 <DIR> d-------- c:\program files\Maxis 2008-12-25 20:27 . 2008-12-25 20:27 <DIR> d-------- c:\documents and settings\Renee\Application Data\PcCloneEx 2008-12-25 09:45 . 2008-12-26 14:34 <DIR> d-------- c:\documents and settings\Jared\Application Data\PcCloneEx 2008-12-25 09:44 . 2008-12-29 14:15 <DIR> d-------- c:\program files\PCCloneEX 2008-12-15 10:34 . 2008-12-16 08:53 <DIR> d-------- c:\documents and settings\Jared\Application Data\Media Player Classic 2008-12-15 10:33 . 2008-12-26 21:39 <DIR> d-------- c:\program files\K-Lite Codec Pack 2008-12-15 09:47 . 2008-12-15 09:47 <DIR> d-------- c:\documents and settings\Jared\Application Data\InterVideo 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\program files\InterVideo Information Service 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\program files\Common Files\Ulead 2008-12-15 09:45 . 2008-12-15 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-15 09:45 . 2006-05-11 18:41 654 --------- c:\windows\remove.iss 2008-12-15 09:44 . 2008-12-15 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-12-15 09:43 . 2008-12-15 09:43 <DIR> d-------- c:\program files\Common Files\InterVideo 2008-12-15 09:42 . 2008-12-15 09:43 <DIR> d-------- c:\program files\InterVideo 2008-12-15 09:39 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll 2008-12-15 09:35 . 2008-12-15 09:39 <DIR> d--h----- c:\windows\msdownld.tmp 2008-12-15 09:35 . 2008-12-15 09:35 <DIR> d-------- c:\windows\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 01:45 --------- d-----w c:\program files\Symantec AntiVirus 2009-01-12 01:23 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-11 23:12 --------- d-----w c:\program files\Symantec 2009-01-11 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-06 15:37 --------- d-----w c:\documents and settings\Jared\Application Data\Move Networks 2009-01-01 01:25 --------- d-----w c:\documents and settings\Jared\Application Data\BitTorrent 2008-12-27 02:28 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 14:42 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-04 00:47 --------- d-----w c:\program files\Common Files\Software Update Utility 2008-12-04 00:47 --------- d-----w c:\program files\AIM6 2008-12-04 00:46 --------- d-----w c:\program files\Viewpoint 2008-12-04 00:46 --------- d-----w c:\program files\AIM Toolbar 2008-12-04 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar 2008-12-04 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2008-12-04 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2008-12-04 00:36 --------- d-----w c:\documents and settings\Renee\Application Data\Viewpoint 2008-12-04 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads 2008-11-26 13:05 --------- d-----w c:\program files\Microsoft Works 2008-11-24 12:04 --------- d-----w c:\program files\Common Files\AOL 2008-11-24 12:04 --------- d-----w c:\program files\AIM 2008-11-23 00:29 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-22 22:24 --------- d-----w c:\documents and settings\Renee\Application Data\acccore 2008-11-22 22:23 --------- d-----w c:\program files\Common Files\Nullsoft 2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP 2008-11-18 20:59 --------- d--h--r c:\documents and settings\Jared\Application Data\SecuROM 2008-11-18 20:10 --------- d-----w c:\program files\Atari 2008-11-18 20:10 --------- d-----w c:\documents and settings\Jared\Application Data\gnupg 2008-11-14 16:24 --------- d-----w c:\documents and settings\Jared\Application Data\Smith Micro 2008-11-14 16:22 --------- d-----w c:\program files\Verizon Wireless 2008-11-14 16:22 --------- d-----w c:\program files\Sierra Wireless . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Google Update"="c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-28 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCCloneEX"="c:\program files\PCCloneEX\PCCloneEX.EXE" [2008-12-25 5270528] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-10-24 125120] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Instant Wireless Configuration Utility.lnk - c:\program files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe [2008-03-25 4530176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-03-12 19:05 287040 c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-02-13 18:09 486856 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-11-28 13:31 133104 c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2006-08-14 14:41 114688 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2006-08-14 14:39 98304 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2006-08-14 14:38 94208 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\FTP Commander\\ftpcomm.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Atari\\AITD\\Alone.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Jared\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-11 99376] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-03 24652] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-10-24 116416] S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\drivers\LSWLUSB.sys [2008-03-25 54083] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c: \Shell\Open\command - resycled\boot.com c: . Contents of the 'Scheduled Tasks' folder 2009-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1563985344-725345543-1004.job - c:\documents and settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-28 13:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {8A0C0E5F-A8A0-4E8A-BDA4-1D26DDF2483A} = 208.67.220.220,208.67.222.222 TCP: {D9DE133F-A050-4324-85DB-36125CA46CA8} = 208.67.220.220,208.67.222.222 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 20:45:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1409082233-1563985344-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:85,22,2f,64,be,43,09,e0,57,44,27,f0,80,f0,db,11,8a,8c,72,a8,e8, 3b,2f,4f,8e,53,4b,3c,18,79,48,e5,40,38,41,83,ab,3f,f3,f0,88,a2,c0,50,87,c4,\ "rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-01-11 20:50:08 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-12 01:50:04 Pre-Run: 47,137,083,392 bytes free Post-Run: 47,576,993,792 bytes free 196 --- E O F --- 2008-12-26 19:39:00 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:50:50 PM, on 1/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203302168875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203471112593 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C0E5F-A8A0-4E8A-BDA4-1D26DDF2483A}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DE133F-A050-4324-85DB-36125CA46CA8}: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6653 bytes
  12. My computer has been acting very weird. First off, When I tried to go to a certain website, it told me that i couldnt because something from my ip address is trying to send a DOS attack.. something like that, also when I try to go to some websites it takes me somewhere completly different. I cant tell you what or where cuz I dont remember. Secondly, I cant open my C drive from the link in my computer ( can from address bar) it says this: "Windows cannot find 'resycled/boot.com' . Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search " I cannot run my Symantec Corporate Antivirus either. I did run spybot and it deleted something, sorry, I cant remember what it was anymore. Here is my HJT log, please help. If this needs moved somewere else for more help, please do so. Thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:24:42 PM, on 1/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\vptray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Symantec AntiVirus\vpc32.exe C:\Program Files\Symantec AntiVirus\vpdn_lu.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203302168875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203471112593 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C0E5F-A8A0-4E8A-BDA4-1D26DDF2483A}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DE133F-A050-4324-85DB-36125CA46CA8}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7270 bytes
×
×
  • Create New...