
KERNELFAULTCHECK [CLOSED]


  • This topic is locked

#1
MEME1287
    New Member
  • Member
  • 2 posts
Don't know what exactly is happening, but I get random restarts and halts while playing online games like WoW. The only thing I have noticed out of the ordinary is the KernelFaultCheck %system%\system32\dump 0 -k always showing up in my task manager. I have removed it and also stopped the error reporting too, but it still shows up.

Your help is really appreciated and thank you guys for all your good work on helping a novice like myself.

HERE IS MY HIJACK LOG FILE:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:22 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B27BE5A-4882-4C2B-800C-83E1C0A6C964} - C:\WINDOWS\system32\cdosysf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?dc74786de49d4c7c9495dd0f156c808a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?dc74786de49d4c7c9495dd0f156c808a
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://s13.photobucket.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Thank you for your time in advance.

Edited by MEME1287, 11 February 2008 - 06:32 PM.


#2
MEME1287
    New Member
  • Topic Starter
  • Member
  • 2 posts
FIRST STARTED WITH A WINDOWS SECURITY ALERT POPUP THAT I COULD NOT GET RID OF, SO DID A HOUSECALL FREE SCAN WITH TREND MICRO AND FOUND THESE TWO PARTICULAR TROJANS, BUT IT COULD NOT DELETE THEM, SO I TRIED TO MANUALLY DELETE IT MYSELF IN SAFE MODE BUT STILL COULD NOT DELETE THE FILES ASSOCIATED WITH, I THINK, THESE TROJANS. SO PLEASE HELP ME GET RID OF IT. HERE IS MY COMBOFIX LOG FILE.
HOPE YOU CAN HELP AND LOOKING FORWARD TO A REPLY... THANK YOU FOR YOUR TIME AND EFFORT WITH MY PROBLEM. KUDOS TO YOU ALL FOR THE WORK YOU'RE DOING :)

ComboFix 08-02-13.2 - Joshua SA 2008-02-13 17:44:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.708 [GMT 10:00]
Running from: C:\Documents and Settings\Joshua SA\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cdosysf.dll
C:\WINDOWS\system32\drivers\umvtwbul.dat
C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LGXUETET
-------\lgxuetet
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 16:32 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-03 22:13 . 2008-02-12 10:02 <DIR> d-------- C:\Documents and Settings\Joshua SA\Application Data\MiniDm
2008-02-01 11:55 . 2008-02-01 11:55 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Roxio
2008-02-01 03:01 . 2008-02-01 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-31 13:54 . 2008-01-31 13:54 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-31 13:53 . 2008-01-31 13:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-31 13:53 . 2008-01-31 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 13:14 . 2008-01-31 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-31 13:14 . 2008-02-01 12:59 <DIR> d-------- C:\Documents and Settings\Joshua SA\Application Data\Roxio
2008-01-31 13:13 . 2008-01-31 13:13 <DIR> d-------- C:\Program Files\InterActual
2008-01-31 11:44 . 2008-01-31 13:13 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-01-31 11:44 . 2006-08-08 09:18 92,920 --a------ C:\WINDOWS\DLA.EXE
2008-01-31 11:44 . 2006-08-08 09:18 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-01-31 11:44 . 2006-08-01 19:46 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-01-31 11:44 . 2006-08-01 20:06 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2008-01-31 11:44 . 2006-08-01 20:06 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-01-31 11:43 . 2008-01-31 11:43 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-01-31 11:43 . 2008-01-31 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-31 11:42 . 2008-01-31 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-31 11:40 . 2008-01-31 11:41 <DIR> d-------- C:\Program Files\SightSpeed
2008-01-31 11:36 . 2008-01-31 11:44 <DIR> d-------- C:\Program Files\Roxio
2008-01-31 11:36 . 2008-01-31 11:43 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-31 11:36 . 2008-01-31 11:37 <DIR> d-------- C:\Program Files\Common Files\SightSpeed
2008-01-31 11:36 . 2008-01-31 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-31 11:35 . 2008-01-31 11:35 <DIR> d-------- C:\Program Files\DivX
2008-01-31 11:35 . 2008-01-31 11:38 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-31 11:30 . 2008-01-31 11:30 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-31 11:15 . 2008-01-31 11:15 <DIR> d-------- C:\Program Files\GoldEsel
2008-01-31 11:15 . 2008-01-31 11:15 <DIR> d-------- C:\Program Files\Ahead
2008-01-31 11:02 . 2008-02-13 06:09 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-31 10:53 . 2008-01-31 14:50 <DIR> d-------- C:\Documents and Settings\Joshua SA\Application Data\Ahead
2008-01-31 10:51 . 2008-01-31 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-31 10:45 . 2008-01-31 10:45 <DIR> d-------- C:\Program Files\Nero
2008-01-31 10:45 . 2008-01-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-31 10:45 . 2008-01-31 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-28 05:00 . 2008-01-28 05:00 <DIR> d-------- C:\Program Files\Creative
2008-01-28 04:47 . 2008-01-28 05:04 <DIR> d-------- C:\Program Files\IEPro
2008-01-28 04:47 . 2008-01-28 04:47 <DIR> d-------- C:\Documents and Settings\Joshua SA\Application Data\IEPro
2008-01-25 11:17 . 2008-01-25 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\farstone
2008-01-24 20:11 . 2008-01-24 20:11 <DIR> d-------- C:\Documents and Settings\Joshua SA\Application Data\FarStone
2008-01-24 18:51 . 2008-01-24 18:51 <DIR> d-------- C:\Program Files\Activision
2008-01-24 18:39 . 2008-01-24 18:39 261 --a------ C:\inVHDDrvLog.dat
2008-01-24 18:38 . 2008-01-24 18:38 <DIR> d-------- C:\Program Files\FarStone
2008-01-24 18:38 . 2007-03-02 13:48 81,920 --------- C:\WINDOWS\VPlay801.exe
2008-01-24 18:38 . 2007-08-15 21:32 69,776 --------- C:\WINDOWS\system32\drivers\fvxscsi.sys
2008-01-24 18:38 . 2007-06-22 10:06 43,408 --------- C:\WINDOWS\system32\drivers\fsRamDsk.sys
2008-01-24 18:38 . 2007-03-02 13:48 17,840 --------- C:\WINDOWS\system32\drivers\fcdabus.sys
2008-01-24 18:38 . 2007-06-14 14:10 17,542 --------- C:\WINDOWS\Driver.ico
2008-01-24 18:38 . 2006-08-07 18:03 14,496 --------- C:\WINDOWS\system32\VDI08X.dat
2008-01-24 18:37 . 2008-01-24 18:37 110,592 --a------ C:\WINDOWS\system32\DVC.dll
2008-01-24 18:37 . 2007-04-10 08:06 86,016 --------- C:\WINDOWS\system32\RDrv2KInterface.dll
2008-01-24 18:37 . 2008-01-24 18:37 86,016 --a------ C:\WINDOWS\system32\Dversion.dll
2008-01-24 18:37 . 2004-01-12 13:51 53,248 --------- C:\WINDOWS\system32\RDrvNTInterface.dll
2008-01-24 18:37 . 2007-03-02 13:48 36,864 --------- C:\WINDOWS\system32\unVHDDrvExe.exe
2008-01-24 18:37 . 2004-07-16 17:33 32,768 --------- C:\WINDOWS\system32\RDrv9xInterface.dll
2008-01-24 18:37 . 2007-04-10 08:05 32,768 --------- C:\WINDOWS\system32\inVHDDrvExe.exe
2008-01-24 18:37 . 2007-04-10 08:06 28,672 --------- C:\WINDOWS\system32\RDrvInterface.dll
2008-01-24 18:07 . 2008-01-25 11:48 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-24 17:06 . 2008-01-24 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-24 16:31 . 2008-01-24 19:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-24 16:31 . 2008-01-24 19:05 22,328 --a------ C:\Documents and Settings\Joshua SA\Application Data\PnkBstrK.sys
2008-01-24 16:30 . 2008-01-24 19:05 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-24 16:30 . 2008-01-24 19:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-24 16:30 . 2008-01-24 19:05 319 --a------ C:\WINDOWS\game.ini
2008-01-24 14:39 . 2008-01-24 14:39 268 --ah----- C:\sqmdata05.sqm
2008-01-24 14:39 . 2008-01-24 14:39 244 --ah----- C:\sqmnoopt05.sqm
2008-01-24 09:34 . 2008-01-24 09:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-24 09:20 . 2008-01-24 09:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 09:19 . 2008-01-24 09:19 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.0.3
2008-01-24 09:19 . 2008-01-24 09:21 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-01-24 09:11 . 2008-01-24 09:11 244 --ah----- C:\sqmnoopt04.sqm
2008-01-24 09:11 . 2008-01-24 09:11 244 --ah----- C:\sqmnoopt03.sqm
2008-01-24 09:11 . 2008-01-24 09:11 232 --ah----- C:\sqmdata04.sqm
2008-01-24 09:11 . 2008-01-24 09:11 232 --ah----- C:\sqmdata03.sqm
2008-01-24 09:10 . 2008-01-24 09:10 244 --ah----- C:\sqmnoopt02.sqm
2008-01-24 09:10 . 2008-01-24 09:10 244 --ah----- C:\sqmnoopt01.sqm
2008-01-24 09:10 . 2008-01-24 09:10 244 --ah----- C:\sqmnoopt00.sqm
2008-01-24 09:10 . 2008-01-24 09:10 232 --ah----- C:\sqmdata02.sqm
2008-01-24 09:10 . 2008-01-24 09:10 232 --ah----- C:\sqmdata01.sqm
2008-01-24 09:10 . 2008-01-24 09:10 232 --ah----- C:\sqmdata00.sqm
2008-01-19 00:00 . 2008-01-19 00:00 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-18 23:28 . 2008-01-28 05:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-18 23:28 . 2008-01-18 23:28 <DIR> d-------- C:\Program Files\MTV Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 18:45 --------- d-----w C:\Program Files\Azureus
2008-02-12 11:47 --------- d-----w C:\Program Files\StepMania
2008-02-12 10:30 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\LimeWire
2008-02-03 07:20 --------- d-----w C:\Program Files\LimeWire
2008-02-01 00:41 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\Apple Computer
2008-01-31 04:56 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\dvdcss
2008-01-31 03:57 --------- d-----w C:\Program Files\iTunes
2008-01-31 03:57 --------- d-----w C:\Program Files\iPod
2008-01-31 03:56 --------- d-----w C:\Program Files\QuickTime
2008-01-31 01:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 01:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 19:04 --------- d-----w C:\Program Files\IE7Pro
2008-01-27 19:03 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\IE7Pro
2008-01-26 01:00 --------- d-----w C:\Program Files\World of Warcraft
2008-01-24 08:43 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\Azureus
2007-12-31 06:42 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-12-31 06:24 --------- d-----w C:\Program Files\Avanquest update
2007-12-31 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-25 04:25 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-22 17:17 --------- d-----w C:\Program Files\Nokia
2007-12-21 01:30 --------- d-----w C:\Program Files\MySpace
2007-12-20 10:23 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\Nokia
2007-12-20 09:59 19,552 -c--a-w C:\Documents and Settings\Joshua SA\Application Data\GDIPFONTCACHEV1.DAT
2007-12-20 07:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-20 06:47 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\MySpace
2007-12-19 12:37 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\Windows Live Writer
2007-12-19 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-19 11:45 --------- d-----w C:\Program Files\G-Mailto
2007-12-19 11:42 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-19 11:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-16 23:15 --------- d-----w C:\Documents and Settings\Joshua SA\Application Data\PC Suite
2007-12-16 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 23:14 --------- d-----w C:\Program Files\DIFX
2007-12-16 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 08:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-20 08:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 11:07]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 23:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-13 06:20:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 17:50:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\tlntsvr.exe
.
**************************************************************************
.
Completion time: 2008-02-13 17:51:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 07:51:53
.
2008-02-02 17:01:10 --- E O F ---

#3
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please do not create duplicate topics. Merged...

Also, don't type in CAPS. It's much harder to read and is considered yelling when you use it online.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {4B27BE5A-4882-4C2B-800C-83E1C0A6C964} - C:\WINDOWS\system32\cdosysf.dll

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\cdosysf.dll

Driver::
LEGACY_LGXUETET
lgxuetet
nm

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Any improvement?

Edited by greyknight17, 19 February 2008 - 01:01 PM.

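As an added example (not code from the thread or from the HijackThis or ComboFix projects), a small Python triage helper that applies the reasoning in greyknight17's reply to the O2 lines of a HijackThis log: a BHO whose name is "(no name)" but whose DLL still exists is the one to look at, "(no file)" entries are stale leftovers, and a DLL that ComboFix already deleted still leaves an orphaned registration that the HijackThis fix removes. The sample O2 lines and deleted paths are copied from the logs posted above; the heuristics are this example's own assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# O2 lines have the shape:  O2 - BHO: <name> - {<CLSID>} - <path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)

# Sample O2 lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B27BE5A-4882-4C2B-800C-83E1C0A6C964} - C:\WINDOWS\system32\cdosysf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
"""

# Paths ComboFix listed under "Other Deletions" in the log posted above.
COMBOFIX_DELETED = [r"C:\WINDOWS\system32\cdosysf.dll", r"C:\WINDOWS\system32\msssc.dll"]


@dataclass
class Bho:
    name: str
    clsid: str
    path: str

    @property
    def unnamed(self) -> bool:
        return self.name.strip().lower() == "(no name)"

    @property
    def file_missing(self) -> bool:
        return self.path.strip().lower() == "(no file)"


def parse_o2(lines):
    """Parse every O2 line; lines from other HijackThis sections are ignored."""
    found = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"].strip()))
    return found


def triage(bhos):
    """Split parsed BHOs into (suspicious, stale).

    suspicious: unnamed entries that still point at a DLL on disk; a vendor
                almost always registers a display name, so these deserve a look.
    stale:      registrations whose DLL is gone; harmless, but worth fixing.
    This split is a heuristic chosen for the example, not a HijackThis rule.
    """
    suspicious = [b for b in bhos if b.unnamed and not b.file_missing]
    stale = [b for b in bhos if b.file_missing]
    return suspicious, stale


def orphaned_registrations(bhos, deleted_paths):
    """BHOs whose DLL a cleanup tool already removed: the registry entry
    survives the file, which is why the reply still has HijackThis fix it."""
    deleted = {p.lower() for p in deleted_paths}
    return [b for b in bhos if b.path.lower() in deleted]


if __name__ == "__main__":
    bhos = parse_o2(SAMPLE_HJT.splitlines())
    suspicious, stale = triage(bhos)
    for b in suspicious:
        print(f"LOOK AT: {b.clsid} -> {b.path}")
    for b in stale:
        print(f"stale registration: {b.clsid}")
    for b in orphaned_registrations(bhos, COMBOFIX_DELETED):
        print(f"orphaned after ComboFix deletion: {b.clsid} ({b.path})")
```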

#4
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.