slow comp - reformated to no avail(RESOLVED)

gog · #1 (**permalink**) 25-01-2008, 03:10 AM

Thanks in advance,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:48 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe
C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\RA2.exe
C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\Game.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200898783601
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201069129765
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4886 bytes
------------------------------------------------------------

Adobe Flash Player ActiveX
AIM 6
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Display Driver
Bonjour
Collab
Command & Conquer The First Decade
Counter-Strike: Source
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
FL Studio 7
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
IL Download Manager
iTunes
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.11)
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Sid Meier's Civilization 4
Steam
Update for Windows XP (KB898461)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver
World of Warcraft

Neal · #2 (**permalink**) 25-01-2008, 04:47 PM

Please download ATF Cleaner by Atribune to desktop.
http://www.atribune.org/public-beta/ATF-Cleaner.exe

Double-click ATF-Cleaner.exe to run the program.

If you would like to keep your cookies don't check that item

* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Then go get yourself an anti-virus program a couple good free ones are:

AVG

AVAST

Get only one

Update and run a scan

You need a firewall also

Comodo

After the above post a new hijackthis log with feed back on what is going on now please.

gog · #3 (**permalink**) 26-01-2008, 05:53 AM

thanks ill do this first thing tomorow.

Neal · #4 (**permalink**) 26-01-2008, 07:20 AM

okey dokey then will be looking for it tomorrow sometime.

gog · #5 (**permalink**) 28-01-2008, 01:19 AM

-- running anti-virus as we speak will update shortly --

gog · #6 (**permalink**) 28-01-2008, 09:41 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:06 AM, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200898783601
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201069129765
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5837 bytes

Found 2 viruses during scan, I have noticed the comp is a little faster, thanks!

Neal · #7 (**permalink**) 28-01-2008, 11:22 PM

I would uninstall viewpoint media player if you did not install that yourself, from add/remove program.

If you have previously downloaded ComboFix,please delete that version now.

Now download ComboFix and save to your desktop:

Note:

It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners now

Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.

*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

gog · #8 (**permalink**) 29-01-2008, 06:20 AM

Notes: not sure if its related, but my internet has been acting very strange, going from very fast to VERY VERY slow.

ComboFix 08-01-29.3 - MC Anthrax 2008-01-29 16:15:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.611 [GMT 11:00]
Running from: C:\Documents and Settings\MC Anthrax\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 09:43 . 2008-01-28 09:43 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-28 09:43 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-28 08:08 . 2008-01-28 08:08 <DIR> d-------- C:\Program Files\COMODO
2008-01-28 08:08 . 2008-01-28 08:08 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\Comodo
2008-01-28 08:08 . 2008-01-28 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-28 08:08 . 2008-01-28 08:08 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-28 08:08 . 2008-01-28 08:08 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-28 08:08 . 2008-01-28 08:08 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-27 12:19 . 2008-01-27 12:19 <DIR> d-------- C:\Documents and Settings\MC Anthrax\DefaultClasses
2008-01-27 12:18 . 2008-01-27 12:19 <DIR> d-------- C:\Documents and Settings\MC Anthrax\DefaultScripts
2008-01-27 09:19 . 2008-01-27 09:21 <DIR> d-------- C:\Program Files\BitLord
2008-01-27 08:11 . 2008-01-27 08:11 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-01-27 08:09 . 2008-01-27 08:11 <DIR> d-------- C:\Program Files\PFConfig
2008-01-26 08:47 . 2008-01-26 08:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-26 08:47 . 2008-01-26 08:47 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-26 08:46 . 2008-01-26 08:47 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-26 08:46 . 2008-01-26 08:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-25 18:45 . 2008-01-25 19:10 <DIR> d-------- C:\Program Files\ABC Amber Photoshop Converter
2008-01-25 17:01 . 2008-01-25 17:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-25 14:20 . 2008-01-26 21:38 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\Ventrilo
2008-01-25 14:18 . 2008-01-25 14:18 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-25 13:05 . 2008-01-25 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 21:50 . 2008-01-24 21:51 <DIR> d-------- C:\Program Files\Copy of Image-Line
2008-01-24 19:28 . 2008-01-24 21:32 <DIR> d-------- C:\Program Files\VstPlugins
2008-01-24 19:28 . 2008-01-24 19:28 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-01-24 19:28 . 2002-07-08 09:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-01-24 19:28 . 2006-06-20 19:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-01-24 19:27 . 2008-01-24 21:32 <DIR> d-------- C:\Program Files\Image-Line
2008-01-24 16:38 . 2008-01-24 16:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-24 15:51 . 2008-01-24 15:51 <DIR> d-------- C:\Program Files\uTorrent
2008-01-24 15:51 . 2008-01-29 10:52 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\uTorrent
2008-01-23 17:35 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-23 17:34 . 2008-01-23 17:34 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-23 17:34 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-23 17:34 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-23 17:34 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe
2008-01-23 17:34 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-23 14:17 . 2008-01-23 14:17 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-01-23 14:04 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-23 13:42 . 2008-01-23 13:42 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\DivX
2008-01-23 12:51 . 2008-01-28 19:13 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Contacts
2008-01-23 09:50 . 2008-01-23 09:50 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\My Games
2008-01-23 09:13 . 2008-01-23 09:13 <DIR> d-------- C:\Program Files\Firaxis Games
2008-01-23 09:12 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-22 13:40 . 2008-01-29 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 13:40 . 2008-01-22 13:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 13:05 . 2008-01-22 13:05 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 13:05 . 2008-01-22 13:05 <DIR> d-------- C:\Program Files\iPod
2008-01-22 13:05 . 2008-01-22 14:05 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\Apple Computer
2008-01-22 13:04 . 2008-01-23 12:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-22 13:04 . 2008-01-22 13:04 <DIR> d-------- C:\Program Files\QuickTime
2008-01-22 13:04 . 2008-01-22 13:04 <DIR> d-------- C:\Program Files\Bonjour
2008-01-22 13:04 . 2008-01-22 13:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-22 13:04 . 2008-01-22 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-22 13:03 . 2008-01-22 13:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-22 13:03 . 2008-01-22 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-22 09:44 . 2008-01-22 09:45 <DIR> d-------- C:\Program Files\DivX
2008-01-22 07:14 . 2008-01-23 12:47 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-22 07:09 . 2008-01-27 13:45 <DIR> d-------- C:\Program Files\World Of Warcraft
2008-01-21 22:10 . 2008-01-21 22:10 <DIR> d-------- C:\Program Files\EA Games
2008-01-21 21:51 . 2008-01-21 21:51 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-21 20:25 . 2008-01-21 20:25 <DIR> d-------- C:\Documents and Settings\MC Anthrax\Application Data\acccore
2008-01-21 20:05 . 2008-01-21 20:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-21 20:05 . 2008-01-21 20:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-21 20:05 . 2008-01-21 20:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-21 20:03 . 2008-01-29 16:08 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-21 20:03 . 2008-01-21 20:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-21 20:03 . 2008-01-21 20:03 <DIR> d-------- C:\Program Files\AIM6
2008-01-21 20:03 . 2008-01-29 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-21 20:03 . 2008-01-21 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-21 20:03 . 2008-01-21 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-21 20:03 . 2008-01-21 20:03 492 --ah----- C:\IPH.PH
2008-01-21 19:37 . 2008-01-21 19:37 <DIR> d-------- C:\Program Files\Realtek
2008-01-21 18:30 . 2008-01-21 18:30 847 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-01-21 18:12 . 2008-01-21 18:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-21 18:11 . 2008-01-23 12:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 18:10 . 2008-01-23 12:50 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 18:10 . 2008-01-23 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-21 18:06 . 2008-01-21 18:06 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-21 18:04 . 2005-02-25 14:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-21 18:00 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-21 18:00 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-21 18:00 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-21 18:00 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-21 18:00 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-21 17:57 . 2008-01-21 17:57 <DIR> d---s---- C:\Documents and Settings\MC Anthrax\UserData
2008-01-21 17:54 . 2008-01-29 16:14 <DIR> d-------- C:\Program Files\Steam
2008-01-21 17:54 . 2008-01-21 17:54 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-21 17:54 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-21 17:50 . 2008-01-24 09:02 15,227 --a------ C:\scan.html
2008-01-21 17:02 . 2008-01-23 17:34 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-21 17:02 . 2008-01-21 17:02 <DIR> d-------- C:\Program Files\D-Link
2008-01-21 17:02 . 2008-01-21 17:02 <DIR> d-------- C:\Program Files\ANI
2008-01-21 17:01 . 2008-01-21 19:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-21 05:52 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-21 05:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 23:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-01-21 18:07 1266936]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-04 03:15 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-28 08:08 1481472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 23:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-28 08:08]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-28 08:08]
S3 happyfacesz;happyfacesz;C:\Documents and Settings\MC Anthrax\My Documents\thingo2\happyfacesz.sys []
S3 hhhhdgfa;hhhhdgfa;C:\Documents and Settings\MC Anthrax\My Documents\Gogleveling\BOTS\noob farming one\hhhhdgfa.sys [2008-01-29 10:18]
S3 nakja;nakja;C:\Documents and Settings\MC Anthrax\My Documents\Gogleveling\BOTS\Copy of Bg bot 1\nakja.sys [2008-01-27 19:39]

*Newly Created Service* - PROCEXP90
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 16:17:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-29 16:17:17
ComboFix-quarantined-files.txt 2008-01-29 05:17:15

Neal · #9 (**permalink**) 29-01-2008, 10:12 PM

Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\WINDOWS\ativpsrm.bin

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

If that one is to busy here is another option:

http://virusscan.jotti.org

And

http://www.kaspersky.com/scanforvirus.html

I would check with your internet provider for the speed problems for now.

Go HERE to run an online scannner from ESET.

* Note: You will need to use Internet explorer for this scan
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the activex control to install
* Click Start
* Check next options: Remove found threats and Scan unwanted applications.
* Click Scan
* Wait for the scan to finish
* Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log in your next reply and also let me know how things are now.

New hijackthis log please.

gog · #10 (**permalink**) 02-02-2008, 11:13 PM

"0 bytes size received "

and i think i uninstalled internet exploroer...will post a new hijack log now