All games unplayable

Status
Not open for further replies.

RalliArt882

Hi, I recently made a topic in the pc forum regarding WoW freezing/crashing at the loading screen. I thought that was the only game that gave me trouble since people at the WoW forums had this issue too. But now to rule out issues, I've tried playing other games now. When launching Halo and getting to the menu, it crashes. When launching BF2142 and getting to the menu, it crashes. And when I launched CS: Source and got into a game, it took me back to my desktop and gave me this message:

error.jpg


Of course, when I saw the word "driver", I immediately uninstalled my vid card driver and then got the latest one. This has not fixed anything. I do not know what to do now. I will also say that this is the first time I've tried playing computer games since about April. But I haven't made any changes to my pc. Any thoughts? Is a reformat necessary?
 
Yes, I just got done running AVG and Spybot. Nothing found. I also completely uninstalled and reinstalled WoW. It didn't help anything. Since this problem exists on all of my games, I do not think it is the fault of the games. It is something with my system.
 
Hello,

Have you gone through Osiris's Guide? Just running 2 scans does not make you clean. Also have you checked for updated DX9 installs? Have you downloaded and installed DX9 Runtimes for June 2008?

Also why is this in the hardware troubleshooting area? IF this is OS related it should be in the Windows area.

Cheers,
Mak
 
Sorry I thought this may have been a vid-card related issue. I will check Osiris's Guide and I'll look into those DX9 updates.
 
Hello,

I will move it, no problem. ;) Just wondering, that is all. :)

Download details: DirectX End-User Runtime
There is the download for the DX9 Runtimes. If those do not work I will try to find you another download to try.

The error you received is related to DX9 cause that is part of it. That is a Direct3D error which is a part of DX. That is why I said that. Just for future reference.

Post your log up in the analyze area for checking if you wish.

Cheers,
Mak
 
Alright I followed Osiris's guide. I'm assuming this is the one you are mentioning:

http://www.techist.com/forums/f51/spyware-removal-guide-osiris-165828/

But yeah, those programs got rid of a lot of crap that certainly wouldn't help my situation. It cut my commit charge upon normal boot from 380 to 280. I also downloaded those DX9 runtimes. Here is my HijackThis log after this entire process because the guide said you should look at it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:49, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.23.252:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200064441421
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6119 bytes
 
Hello RalliArt,

There are a couple of entries that make me wonder. So if you could please do as follows just to make sure you are clean and not still infected.

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

Cheers,
Mak
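Mak does not say which log entries caught his eye, so as an added example (my own code, not part of the thread and not Mak's checklist) here is a small parser for the HijackThis log format posted above. It splits each `Rn`/`On` line into its section code and body and attaches generic triage flags that a malware-removal helper typically reviews first: a proxy setting in the `R1` line, a BHO whose DLL is missing, an autorun pointing into a user-writable folder, ActiveX controls fetched from the web (`O16`), `AppInit_DLLs` (`O20`), and services with an unknown owner (`O23`). The sample log is constructed: most lines are copied from the thread, while the `O4` entry under `Local Settings\Temp` is invented purely to exercise that rule. A flag means "look at this", not "this is malicious"; every flagged line in the real log above has a plausible legitimate explanation.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of the HijackThis logs in this thread.
# All lines except the "[updater]" O4 entry are taken from the logs above;
# that one is invented to show the user-writable-autorun rule firing.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.23.252:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry line starts with a section code (R0, R1, O2, O23, ...)
# followed by " - " and the entry body.
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Autoruns living in user-writable locations deserve a second look.
USER_WRITABLE = re.compile(r"\\(Temp|Application Data|Local Settings)\\", re.I)


@dataclass
class Entry:
    code: str                 # section code, e.g. "O2", "O23"
    body: str                 # everything after "Oxx - "
    flags: List[str] = field(default_factory=list)  # triage notes, may be empty


def review_entry(code: str, body: str) -> List[str]:
    """Return generic triage notes for one parsed entry (heuristics only)."""
    flags = []
    if code == "R1" and "ProxyServer" in body:
        flags.append("IE proxy server configured: confirm it was set on purpose")
    if code == "O2" and "(no file)" in body:
        flags.append("BHO registered but DLL missing: orphaned entry, safe to clear")
    if code == "O4" and USER_WRITABLE.search(body):
        flags.append("autorun from a user-writable folder: verify the binary")
    if code == "O16":
        flags.append("ActiveX control downloaded from the web: check source domain")
    if code == "O20":
        flags.append("AppInit_DLLs loads into every GUI process: verify DLL owner")
    if code == "O23" and "Unknown owner" in body:
        flags.append("service without publisher info: verify the binary")
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entries.append(Entry(code, body, review_entry(code, body)))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one triage note."""
    return [e for e in parse_hjt(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Running the script prints the six flagged lines of the sample with their notes. In a real triage the next step for each flag is to check the file's publisher and location (for `O23`/`O4`) or whether the setting is expected (for the `R1` proxy), which is the kind of judgement the helper makes rather than the script.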
 
Ok here you are. Thanks a lot for all your help. It means a lot.

THE COMBOFIX LOG:

ComboFix 08-06-20.4 - Daniel McClelland 2008-06-30 14:09:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1592 [GMT -4:00]
Running from: C:\Documents and Settings\Daniel McClelland\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 14:03 . 2008-06-30 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-30 01:43 . 2008-06-30 01:43 <DIR> d-------- C:\WINDOWS\Logs
2008-06-30 01:24 . 2008-06-30 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 00:24 . 2008-06-30 00:24 <DIR> d-------- C:\VundoFix Backups
2008-06-29 14:46 . 2008-06-30 12:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-29 14:46 . 2008-06-29 14:46 <DIR> d-------- C:\Program Files\AVG
2008-06-29 14:46 . 2008-06-29 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-29 14:46 . 2008-06-29 14:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-29 14:46 . 2008-06-29 14:46 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-29 14:46 . 2008-06-29 14:46 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-29 14:46 . 2008-06-29 14:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 14:43 . 2008-06-29 14:44 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-29 14:43 . 2008-06-29 14:43 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-06-29 14:43 . 2008-06-29 14:43 <DIR> d-------- C:\Documents and Settings\Daniel McClelland\Application Data\Simply Super Software
2008-06-29 14:43 . 2008-06-29 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-29 14:43 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-29 14:43 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-29 14:43 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-29 14:43 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-29 14:43 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-29 14:42 . 2008-06-29 14:42 <DIR> d-------- C:\Program Files\CleanUp!
2008-06-29 14:41 . 2008-06-29 14:41 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 14:17 . 2008-06-30 00:23 1,804 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 12:18 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-29 12:13 . 2008-06-29 12:13 10 --a------ C:\WINDOWS\WININIT.INI
2008-06-29 01:09 . 2008-06-29 13:59 <DIR> d-------- C:\Program Files\World of Warcraft
2008-06-29 01:09 . 2008-06-29 01:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 11:29 . 2008-06-25 11:29 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-11 11:15 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:15 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 23:46 . 2008-06-02 23:46 10,276,864 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-06-02 23:22 . 2008-06-02 23:22 413,696 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-02 23:11 . 2008-06-02 23:11 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-06-02 23:11 . 2008-06-02 23:11 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-06-02 23:11 . 2008-06-02 23:11 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2008-06-02 23:11 . 2008-06-02 23:11 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-02 23:09 . 2008-06-02 23:09 552,960 --a------ C:\WINDOWS\system32\ati2evxx.exe
2008-06-02 23:08 . 2008-06-02 23:08 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-06-02 23:04 . 2008-06-02 23:04 245,760 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-06-02 23:02 . 2008-06-02 23:02 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-06-02 22:47 . 2008-06-02 22:47 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-06-02 22:47 . 2008-06-02 22:47 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-06-02 22:47 . 2008-06-02 22:47 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-06-02 22:33 . 2008-06-02 22:33 48,128 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-06-02 22:29 . 2008-06-02 22:29 348,160 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-06-02 22:28 . 2008-06-02 22:28 23,040 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-06-02 22:28 . 2008-06-02 22:28 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-06-02 22:27 . 2008-06-02 22:27 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-02 22:22 . 2008-06-02 22:22 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-06-02 19:53 . 2008-06-02 19:53 <DIR> d-------- C:\Program Files\iPod
2008-06-02 19:53 . 2008-06-29 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 19:53 . 2008-06-02 19:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 14:46 . 2008-05-22 14:46 13,848 --a------ C:\WINDOWS\atiogl.xml
2008-05-15 16:40 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-05-15 16:40 . 2008-05-15 16:40 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-15 16:40 . 2008-05-15 16:40 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 19:17 --------- d-----w C:\Program Files\IrfanView
2008-06-29 19:17 --------- d-----w C:\Program Files\Google
2008-06-29 18:55 --------- d-----w C:\Program Files\WhiteCanyon
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 23:58 --------- d-----w C:\Program Files\iTunes
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-14 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 17:16 --------- d-----w C:\Program Files\Electronic Arts
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-11 01:05 485,240 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 17:57 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 20:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2007-03-14 23:41 92,064 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmmdm.sys
2007-03-14 23:41 9,232 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmmdfl.sys
2007-03-14 23:41 79,328 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmserd.sys
2007-03-14 23:41 66,656 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmbus.sys
2007-03-14 23:41 6,208 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmcmnt.sys
2007-03-14 23:41 5,936 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmwhnt.sys
2007-03-14 23:41 4,048 ----a-w C:\Documents and Settings\Daniel McClelland\mqdmcr.sys
2007-03-14 23:41 25,600 ----a-w C:\Documents and Settings\Daniel McClelland\usbsermptxp.sys
2007-03-14 23:41 22,768 ----a-w C:\Documents and Settings\Daniel McClelland\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-29 14:46 1231128]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 15:15 2576384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\ricochet\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\half-life deathmatch source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\GIGABYTE\\@BIOS\\GWF32.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Photosmart Essential\\HP_IZE.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ralliart882\\garrysmod\\hl2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-29 14:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 14:46]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-29 14:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 14:46]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 14:46]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 14:11:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 14:12:39
ComboFix-quarantined-files.txt 2008-06-30 18:12:37

Pre-Run: 184,059,613,184 bytes free
Post-Run: 184,053,075,968 bytes free

183 --- E O F --- 2008-06-20 17:47:25


THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:49, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.23.252:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200064441421
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6261 bytes
 