  #1  
Old September 25th, 2006, 05:47 AM
ZachDavis ZachDavis is offline
New Member
 
Join Date: Mar 2006
O/S: Windows XP Pro
Location: Oregon
Posts: 26
(Moved by AM) Help!

So I don't actually know if there's anything wrong with my computer. It will shut down, though, and sometimes freeze up when playing games, so if you could please help me that would be great.

Here are many computer logs
ComboFix
Zach - 06-09-24 20:51:29.31 Service Pack 2
  #2  
Old September 25th, 2006, 05:48 AM
ZachDavis ZachDavis is offline
2006-09-21 16:20 304,128 --a------ C:\WINDOWS\IsUninst.exe
2006-09-21 16:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-21 16:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-20 21:34 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-20 21:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-20 21:20 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-20 20:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-20 20:16 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2006-09-20 20:16 974,848 --a------ C:\WINDOWS\SynthCoreA.Dll
2006-09-20 20:16 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2006-09-20 20:16 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2006-09-20 20:16 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll
2006-09-20 20:16 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll
2006-09-20 20:16 45,056 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-09-20 20:16 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-09-20 20:16 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-09-20 20:16 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll
2006-09-20 20:16 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-20 20:16 380,928 --a------ C:\WINDOWS\SynCor.exe
2006-09-20 20:16 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-09-20 20:16 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2006-09-20 20:13 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-20 20:12 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2006-09-20 20:12 90,112 --a------ C:\WINDOWS\system32\igfxzoom.exe
2006-09-20 20:12 880,640 --a------ C:\WINDOWS\system32\igfxress.dll
2006-09-20 20:12 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2006-09-20 20:12 739,387 --a------ C:\WINDOWS\system32\ialmdd5.dll
2006-09-20 20:12 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v3762.dll
2006-09-20 20:12 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2006-09-20 20:12 471,040 --a------ C:\WINDOWS\system32\ialmgdev.dll
2006-09-20 20:12 462,848 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-09-20 20:12 45,056 --a------ C:\WINDOWS\system32\igfxdgps.dll
2006-09-20 20:12 36,415 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2006-09-20 20:12 339,968 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2006-09-20 20:12 32,768 --a------ C:\WINDOWS\system32\igfxexps.dll
2006-09-20 20:12 225,280 --a------ C:\WINDOWS\system32\igfxpph.dll
2006-09-20 20:12 221,184 --a------ C:\WINDOWS\system32\igfxeud.dll
2006-09-20 20:12 2,273,280 --a------ C:\WINDOWS\system32\ialmgicd.dll
2006-09-20 20:12 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-20 20:12 151,552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2006-09-20 20:12 143,360 --a------ C:\WINDOWS\system32\igfxdev.dll
2006-09-20 20:12 126,976 --a------ C:\WINDOWS\system32\igfxhk.dll
2006-09-20 20:12 126,651 --a------ C:\WINDOWS\system32\ialmdev5.dll
2006-09-20 20:12 118,784 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-20 20:12 118,784 --a------ C:\WINDOWS\system32\hccutils.dll
2006-09-20 20:12 103,484 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2006-09-20 20:09 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2006-09-20 19:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-20 19:39 0 -rahs---- C:\MSDOS.SYS
2006-09-20 19:39 0 -rahs---- C:\IO.SYS
2006-09-20 19:39 0 --a------ C:\CONFIG.SYS
2006-09-20 19:39 0 --a------ C:\AUTOEXEC.BAT
2006-09-20 19:37 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-20 19:37 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-20 19:37 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-20 19:37 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-20 19:37 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-20 19:37 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-20 19:37 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-20 19:37 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-20 19:37 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-20 19:37 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-20 19:37 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-20 19:37 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-20 19:37 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-20 19:37 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-20 19:37 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-20 19:37 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-20 19:37 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-20 19:37 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-20 19:37 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-20 19:37 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-20 19:37 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-20 19:37 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-20 19:37 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-20 19:37 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-20 19:37 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-20 19:37 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-20 19:37 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-20 19:37 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-20 19:37 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-20 19:37 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-20 19:37 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-20 19:37 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-20 19:37 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-20 19:37 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-20 19:37 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-20 19:37 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-20 19:37 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-20 19:37 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-20 19:37 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-20 19:37 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-20 19:37 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-20 19:37 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-20 19:37 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-20 19:36 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-20 19:36 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-20 19:36 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-20 19:36 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-20 19:36 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-20 19:36 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-20 19:36 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-20 19:36 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-20 19:36 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-20 19:36 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-20 19:36 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-20 19:36 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-20 19:36 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-20 19:36 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-20 19:36 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-20 19:36 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-20 19:36 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-20 19:36 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-20 19:36 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-20 19:36 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-20 19:36 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-20 19:36 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-20 19:36 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-20 19:36 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-20 19:36 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-20 19:36 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-20 19:36 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-20 19:36 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-20 19:36 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-20 19:36 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-20 19:36 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-20 19:36 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-20 19:36 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-20 19:36 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-20 19:36 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-20 19:36 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-20 19:36 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-20 19:35 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-20 19:35 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-20 19:35 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-20 19:35 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-20 19:35 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-20 19:35 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-20 19:35 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-20 19:35 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-20 19:35 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-20 19:35 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-20 19:35 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-20 19:35 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-20 19:35 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-20 19:35 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-20 19:35 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-20 19:35 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-20 19:35 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-20 19:35 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-20 19:35 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-20 19:35 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-20 19:35 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-20 19:35 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-20 19:35 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-20 19:35 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-20 19:35 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-20 19:35 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-20 19:35 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-20 19:35 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-20 19:35 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-20 19:35 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-20 19:35 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-20 19:35 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-20 19:35 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-20 19:35 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-20 19:35 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-20 19:35 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-20 19:35 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-20 19:35 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-20 19:35 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-20 19:35 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-20 19:35 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-20 19:35 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-19 23:50 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-19 23:49 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-19 23:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-19 23:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-19 23:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-19 23:49 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-19 23:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-19 23:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-19 23:49 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-19 23:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-19 23:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-19 23:49 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-19 23:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-19 23:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-19 23:48 74,752 --a------ C:\WINDOWS\system32\storprop.dll
  #3  
Old September 25th, 2006, 05:48 AM
ZachDavis ZachDavis is offline
Find3M Report

2006-09-24 20:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-24 16:55 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-09-24 15:44 -------- d-------- C:\Program Files\MSN
2006-09-24 14:59 -------- d-------- C:\Documents and Settings\Zach\Application Data\MSNInstaller
2006-09-24 14:59 -------- d-------- C:\Documents and Settings\Zach\Application Data\MSN6
2006-09-24 14:43 -------- d---s---- C:\Documents and Settings\Zach\Application Data\Microsoft
2006-09-24 14:40 -------- d-------- C:\Program Files\Atari
2006-09-23 23:49 2508 --a------ C:\Documents and Settings\Zach\Application Data\$_hpcst$.hpc
2006-09-23 23:49 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-22 15:18 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-22 15:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 16:52 -------- d-------- C:\Program Files\EA GAMES
2006-09-21 16:20 -------- d-------- C:\Program Files\Acclaim Entertainment
2006-09-21 16:15 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-21 16:05 -------- d-------- C:\Documents and Settings\Zach\Application Data\PC Tools
2006-09-20 21:32 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-20 21:21 -------- d-------- C:\Documents and Settings\Zach\Application Data\Macromedia
2006-09-20 21:11 -------- d-------- C:\Documents and Settings\Zach\Application Data\Identities
2006-09-20 20:58 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-20 20:57 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 20:45 -------- d-------- C:\Program Files\Windows Defender
2006-09-20 20:45 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-20 20:41 -------- d-------- C:\Program Files\Internet Explorer
2006-09-20 20:40 -------- d-------- C:\Program Files\Windows Media Player
2006-09-20 20:30 -------- d-------- C:\Program Files\Outlook Express
2006-09-20 20:30 -------- d-------- C:\Program Files\Common Files\System
2006-09-20 20:29 -------- d-------- C:\Program Files\Messenger
2006-09-20 20:19 -------- d-------- C:\Program Files\Intel
2006-09-20 20:16 -------- d-------- C:\Program Files\Analog Devices
2006-09-20 20:05 -------- d-------- C:\Program Files\Common Files
2006-09-20 19:43 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-20 19:39 -------- d-------- C:\Program Files\xerox
2006-09-20 19:39 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-20 19:38 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-20 19:37 -------- d-------- C:\Program Files\NetMeeting
2006-09-20 19:37 -------- d-------- C:\Program Files\Movie Maker
2006-09-20 19:37 -------- d-------- C:\Program Files\Common Files\Services
2006-09-20 19:37 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-20 19:36 -------- d-------- C:\Program Files\Windows NT
2006-09-20 19:36 -------- d-------- C:\Program Files\Online Services
2006-09-20 19:36 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-20 19:36 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-19 23:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-19 23:49 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-19 23:48 62 --ahs---- C:\Documents and Settings\Zach\Application Data\desktop.ini
2006-08-24 11:40 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-04 12:18 613208 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-26 16:13 129832 --a------ C:\WINDOWS\system32\rapi.dll
2006-06-26 16:12 20264 --a------ C:\WINDOWS\system32\ceutil.dll

Reg Loading Points
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sun 09/24/2006 20:52:10.76
ComboFix.txt
  #4  
Old September 25th, 2006, 05:50 AM
ZachDavis ZachDavis is offline
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 9:43:56 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Zach\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f0536156bfbf4694abc41fadcb30a93c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f0536156bfbf4694abc41fadcb30a93c
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158808781381
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I also ran ewido but it found nothing

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = (empty string)
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" ["Analog Devices, Inc."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"OneCareUI" = ""C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Zach\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Microsoft Protection Service, msfwsvc, ""C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"" [MS]
MSMPSVC, MSMPSVC, ""C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows Live OneCare, winss, "C:\Program Files\Microsoft Windows OneCare Live\winss.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 10 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 46 seconds)
  #5  
Old September 26th, 2006, 02:26 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
I can't see any problems in any of your logs, Zach.

Just to be sure that you do not have a rootkit infection, download gmer.zip from here. Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

When you have done this, close all running programs and double-click on Gmer.exe to run it and click on Settings. Check the first five settings (see below):

System Protection and Tracing
Processes
Save created processes to the log
Drivers
Save loaded drivers to the log

You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab. Look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive, and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Save the file and copy the information and post it here please.

Warning! Please do not select the "Show all" checkbox during the scan.
  #6  
Old September 26th, 2006, 11:14 PM
ZachDavis ZachDavis is offline
New Member
 
Join Date: Mar 2006
O/S: Windows XP Pro
Location: Oregon
Posts: 26
GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2006-09-26 15:11:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- EOF - GMER 1.0.11 ----
  #7  
Old September 26th, 2006, 11:18 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Nope, that's fine too. I am transferring your topic to the Gaming Forum. I am sure you will get the help you need there. Good luck.
  #8  
Old September 28th, 2006, 01:52 PM
Metr01973 Metr01973 is offline
CTH Subscriber
 
Join Date: May 2006
O/S: Windows XP Pro
Location: Leicester, UK
Age: 50
Posts: 545
Have you made sure that all your drivers are up to date? Also, can you please post your system specs, thx. If they are above I apologise, I'm just too lazy to read all that, lol.
  #9  
Old September 29th, 2006, 03:15 PM
photolady photolady is offline
CTH Subscriber
 
Join Date: Dec 2003
Posts: 10,927
Metr0, I read all of it and it has no system specs included in all those logs, just what software is on that computer.