My PC is getting slow and my CPU usage is going high

September 18, 2009 at 02:29:35
Specs: Windows XP
Guys, help me please. My PC was fine, then I went to sleep, and when I got up I saw my uncle playing Warcraft. Then I saw he was lagging. After him I used it, and it was totally lagging. So I restarted it. At first it was just fine, but after maybe one minute or more it started to lag, and not only Warcraft, even the internet. My uncle said that he only cleaned the fan, and after that it started to lag. Sorry, I'm not good at English. Back to the topic: I remember my other uncle told me that if the CPU usage is getting higher I probably have a virus. So I checked my Task Manager and saw my CPU usage hitting 100%. Any application I opened made it go higher, even avgsrx.exe, even when I'm not using AVG or scanning. Sometimes it said avgsrx.exe = 80% and up. Explorer too. I updated all my scanners and tried many antivirus programs: AVG, Spybot, Malwarebytes, Avast, but it's the same, although the Malwarebytes scan didn't finish because while I was scanning my PC suddenly shut down. My PC had a problem in the first place. My uncle told me that I need to buy a new power supply because my power supply has a problem; that's why my PC shuts down automatically and I can't use it for long. Guys, please help me solve this. I don't know if I have a virus, trojan, worm, malware or whatsoever. Thanks.




#1
September 18, 2009 at 07:42:12
I'm Mister Mask and I will be helping you with your computer problems.

- Please do not run other tools or scans.
- Copy and paste all logs requested in your reply and follow the instructions exactly.
- If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
- Absence of symptoms does not mean that everything is clear.
- I cannot be responsible if the PC doesn't work after the manipulations, but I will do everything I can to help you.

So, let's go !

# 1 - Search for infections


Download "Random's System Information Tool (RSIT)" by random/random and save it on your Desktop.

- Run RSIT.exe to start RSIT.
- Click Continue on the Disclaimer screen and leave the values at their defaults.
- If HijackThis is not present or not detected, RSIT downloads it; you must accept the license.
- When the analysis is finished, two reports pop up.

Please post only log.txt

NB: Reports are saved in C:\rsit\

Please in your next reply, post :
- Log.txt



#2
September 18, 2009 at 09:13:03
You said you use >>AVG, SPYBOT, MALWAREBYTES, AVAST<<

If you are running 2 antiviruses at the same time they will have a conflict. Use one or the other.

I don't think a failing power supply will stop a PC from scanning.
Have you tried going into safe mode and scanning your PC?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
September 18, 2009 at 09:19:17
Yes, cyikes, I think you should uninstall either AVG or Avast and your problem may go away.


#4
September 18, 2009 at 18:36:59
@jackfrost and xPuser

Yes. After I scanned, I called my uncle. He said that I need only one antivirus on my PC, so I uninstalled Avast and the other antivirus. He told me that Spybot is strong enough to detect some malicious programs or whatsoever they're called; I don't know what it's called because I'm not a computer programmer or technician etc. He told me to choose AVG or Avast: one antivirus and Spybot. My uncle is a computer tech.

Scanning while in safe mode: no, not yet.

Before I installed many antivirus programs, I had already scanned with Spybot and AVG only, twice. I already cleaned it all up but nothing happened, although I have 2 OSes:
Windows TinyXP and Windows Professional.

My other Windows has a problem.
I can't open it anymore.
I also can't go into safe mode.
When Windows is loading it takes so long,
and nothing happens after that.
When I use safe mode in that Windows
it says
"partition1, partition2 multi . . ."
I forgot the rest, sorry, and I don't think that's the reason why I'm lagging, although when I use TuneUp 1-Click Maintenance
I can't finish the defragment because on drive D the scan always stops and doesn't continue, so I downloaded another registry cleaner.

OK, back to the OS I'm using. That's why I'm using this Windows.

@mistermask I checked RSIT.EXE on other forums and sites. They said that RSIT is a trojan or virus that can harm your PC? Reply to me so I can be sure this is not a virus or whatever.



#5
September 19, 2009 at 06:05:17
Hi cyikes,

You have read those forums wrongly ;)
RSIT is a tool that creates a report which allows helpers to find problems.

It is used to spot malware, but it is not malware :=)
It appears on the internet in some "virus disinfection" threads because it's a tool many helpers like.

@+

Sorry for my future orthographic faults, English is not my mother tongue ;=)



#6
September 19, 2009 at 08:51:44
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-20 00:05:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (80%) free of 50 GB
Total RAM: 1015 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:47, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Domino.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://naruto-arena.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spdetector3] C:\Program Files\Spyware Process Detector\spd317.exe TRAY
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A12901E2-C782-4AB9-AA98-0A14383E645A}: NameServer = 58.69.254.135 124.104.135.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 6419 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"=C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]
"Domino"=C:\WINDOWS\Domino.EXE [2006-06-29 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-18 2022680]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"spdetector3"=C:\Program Files\Spyware Process Detector\spd317.exe TRAY []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]
"MP4 Player"=C:\Program Files\MP4 Player\mp4Player.exe [2008-11-07 772096]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-19 4363504]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2001-02-20 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0
"NoDispAppearancePage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=
"StartMenuFavorites"=
"Start_ShowMyComputer"=
"Start_ShowMyDocs"=
"Start_ShowMyMusic"=
"Start_ShowRun"=
"Start_ShowSearch"=
"NofolderOptions"=
"NoActiveDesktop"=
"NoDesktop"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\MYGAME\Special Force\specialforce.exe"="C:\Program Files\MYGAME\Special Force\specialforce.exe:*:Enabled:specialforce"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa410534-7500-11de-b126-001d60255ca4}]
shell\1\command - G:\Recycled.exe
shell\2\command - G:\Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3260743-7166-11de-b1f8-001d60255ca4}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2009-09-20 00:05:37 ----D---- C:\Program Files\trend micro
2009-09-20 00:05:35 ----D---- C:\rsit
2009-09-18 19:11:39 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-18 16:18:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-18 16:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-09-18 15:49:41 ----D---- C:\Program Files\Spyware Process Detector
2009-09-18 13:31:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-18 13:31:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-18 13:09:01 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-09-17 16:50:32 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-17 16:41:33 ----D---- C:\Config.Msi
2009-09-15 19:59:16 ----D---- C:\Program Files\Registry Easy
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\java.exe
2009-09-15 03:27:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-15 00:27:06 ----D---- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2009-09-15 00:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-09-14 18:57:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 18:57:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 05:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-09-09 05:18:54 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-06 05:49:52 ----SHD---- C:\found.000
2009-09-04 02:29:26 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-09-20 00:06:14 ----D---- C:\WINDOWS\Temp
2009-09-20 00:05:37 ----RD---- C:\Program Files
2009-09-19 16:45:21 ----D---- C:\Program Files\Mozilla Firefox
2009-09-19 16:44:09 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-09-19 16:42:55 ----SHD---- C:\WINDOWS\CSC
2009-09-19 12:32:09 ----D---- C:\WINDOWS
2009-09-19 11:58:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-19 11:57:22 ----D---- C:\Program Files\Garena
2009-09-19 11:55:50 ----D---- C:\WINDOWS\system32\drivers
2009-09-19 11:53:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-19 11:52:59 ----D---- C:\WINDOWS\system32
2009-09-19 11:51:36 ----D---- C:\WINDOWS\Prefetch
2009-09-19 05:47:10 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-09-19 04:35:50 ----D---- C:\Program Files\Common Files
2009-09-18 19:11:38 ----SHD---- C:\WINDOWS\Installer
2009-09-18 19:08:53 ----SD---- C:\WINDOWS\Tasks
2009-09-18 16:46:46 ----HD---- C:\$AVG8.VAULT$
2009-09-18 14:31:34 ----D---- C:\WINDOWS\system32\config
2009-09-16 07:29:26 ----D---- C:\WINDOWS\Minidump
2009-09-16 05:01:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-15 16:13:56 ----D---- C:\Program Files\Java
2009-09-15 03:49:59 ----D---- C:\WINDOWS\system32\wbem
2009-09-15 03:49:56 ----D---- C:\WINDOWS\Registration
2009-09-15 03:37:41 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-09-15 00:45:23 ----HD---- C:\WINDOWS\inf
2009-09-15 00:45:23 ----D---- C:\WINDOWS\Help
2009-09-15 00:43:56 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-13 10:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-09 12:23:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-09-09 05:25:17 ----D---- C:\Program Files\Adobe
2009-09-09 05:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-09 05:23:32 ----D---- C:\Program Files\Common Files\Adobe
2009-09-09 05:23:08 ----RSD---- C:\WINDOWS\Fonts
2009-09-08 14:15:39 ----D---- C:\Program Files\BitLord
2009-09-06 19:36:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-03 19:50:50 ----AD---- C:\Program Files\Warcraft Version Switcher

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-17 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-06 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-22 30208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-06 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-05-06 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2006-11-13 11568]
S2 spd3ssl;Spyware_Process_Detector_v3.17.1; \??\C:\Program Files\Spyware Process Detector\spd317.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\MYGAME\Special Force\GameGuard\dump_wmimmc.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AVN1.tmp []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZSMC303;A4 TECH PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-12-01 392122]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-09 655624]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-09 2829724]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------



#7
September 19, 2009 at 10:22:15
- Please do not run other tools or scans.
- Copy and paste all logs requested in your reply and follow the instructions exactly.
- If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
- Absence of symptoms does not mean that everything is clear.


Go to this site: Upload-Malware
Click the button to select this file:

C:\WINDOWS\Domino.exe

Click Upload.

Don't change the destination folder.

Don't use your USB sticks or external drive; they look infected.

Sorry for my future orthographic faults, English is not my mother tongue ;=)


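The two MountPoints2 entries in the RSIT log posted in #6 (the `G:\Recycled.exe` autorun and the `RunDLL32 ... .\RECYCLER\S-5-3-42-...\jwgkvsq.vmx,ahaezedrn` command) are the reason the helper in #7 warns that the USB sticks look infected, and the `C:\WINDOWS\Domino.exe` upload request targets a Run entry launching a loose executable directly from `%WINDIR%`. As an added example that is not part of the original thread, here is a small Python triage script that parses those registry-dump and HijackThis `O4` lines and flags what a responder looks for: autorun commands pointing into a Recycle Bin folder; a RECYCLER subfolder named after an impossible SID (real Windows SIDs have revision 1, so `S-5-...` cannot be genuine, and one subauthority here exceeds 32 bits); `rundll32` loading a "DLL" whose extension is not `.dll`; and Run values that launch an executable sitting loose in `C:\WINDOWS\` or by bare filename, which is resolved through the search path. The sample input is an excerpt constructed from the posted log; the rule names and the trusted-directory list are my own assumptions, and a hit means "review this", not "this is malware".

```python
"""Triage autorun entries from an RSIT / HijackThis log excerpt.

Added example, not part of the original thread. Every rule is a heuristic:
a hit means "look at this", not "this is malware".
"""
import re

# Constructed excerpt: O4 Run lines and the MountPoints2 registry dump copied
# from the RSIT log posted above, trimmed to the entries this example rates.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa410534-7500-11de-b126-001d60255ca4}]
shell\1\command - G:\Recycled.exe
shell\2\command - G:\Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3260743-7166-11de-b1f8-001d60255ca4}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
"""

MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MOUNTPOINT_CMD = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.I)
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
SID_IN_PATH = re.compile(r"RECYCLER\\(S-\d+(?:-\d+)+)", re.I)
# rundll32 <file>.<ext>,<export> where <ext> is anything but "dll"
RUNDLL32_ODD_EXT = re.compile(r"rundll32(?:\.exe)?\s+\S+\.(?!dll\b)\w+,", re.I)
# Assumed: the only place under %WINDIR% where a Run-key EXE is expected
TRUSTED_WINDIR = ("c:\\windows\\system32\\",)


def parse_mountpoints(text):
    """Return [(guid, verb, command)] from the MountPoints2 registry dump."""
    entries, guid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            guid = key.group(1)          # commands that follow belong to this device
            continue
        cmd = MOUNTPOINT_CMD.match(line)
        if cmd and guid:
            entries.append((guid, cmd.group(1), cmd.group(2)))
    return entries


def parse_run_entries(text):
    """Return [(hive, value_name, command)] from HijackThis O4 Run-key lines."""
    return [m.groups() for m in (O4_LINE.match(l.strip()) for l in text.splitlines()) if m]


def exe_path(cmd):
    """Executable portion of a Run-key command (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def sid_is_valid(sid):
    """Real SIDs are S-1-<authority>-<32-bit subauthorities>; anything else is fake."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S" or parts[1] != "1":
        return False
    return all(p.isdigit() and int(p) <= 0xFFFFFFFF for p in parts[2:])


def triage(text):
    """Map each autorun entry (device GUID or Run value name) to the rules it trips."""
    hits = {}

    def add(key, rule):
        hits.setdefault(key, set()).add(rule)

    for guid, _verb, cmd in parse_mountpoints(text):
        low = cmd.lower()
        if "recycled.exe" in low or "\\recycler\\" in low:
            add(guid, "autorun_from_recycle_bin")      # Recycle Bin never holds autorun EXEs
        sid = SID_IN_PATH.search(cmd)
        if sid and not sid_is_valid(sid.group(1)):
            add(guid, "fake_sid_folder")               # folder mimics a Recycle Bin SID dir
        if RUNDLL32_ODD_EXT.search(cmd):
            add(guid, "rundll32_non_dll_extension")    # e.g. a .vmx loaded as a DLL

    for _hive, name, cmd in parse_run_entries(text):
        path = exe_path(cmd).lower()
        if "\\" not in path:
            add(name, "no_absolute_path")              # resolved via the search path
        elif path.startswith("c:\\windows\\") and not path.startswith(TRUSTED_WINDIR):
            add(name, "unusual_location")              # loose EXE directly in %WINDIR%

    return {key: sorted(rules) for key, rules in hits.items()}


if __name__ == "__main__":
    for key, rules in triage(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(rules)}")
```

Run against the excerpt, the second device GUID trips all three mount-point rules, the first trips only the Recycle Bin rule, and `Domino`, `VMSnap3` and `RTHDCPL` are queued for review while the System32, Program Files and AVG entries pass. The `unusual_location` and `no_absolute_path` rules are deliberately noisy (RTHDCPL is a normal Realtek tray applet); they exist to decide what to upload for analysis, which is exactly the step the helper takes next with Domino.exe.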

#8
September 19, 2009 at 16:20:00
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-20 07:32:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (80%) free of 50 GB
Total RAM: 1015 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:30, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Domino.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://naruto-arena.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spdetector3] C:\Program Files\Spyware Process Detector\spd317.exe TRAY
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A12901E2-C782-4AB9-AA98-0A14383E645A}: NameServer = 58.69.254.135 124.104.135.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 6419 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"=C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]
"Domino"=C:\WINDOWS\Domino.EXE [2006-06-29 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-18 2022680]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"spdetector3"=C:\Program Files\Spyware Process Detector\spd317.exe TRAY []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]
"MP4 Player"=C:\Program Files\MP4 Player\mp4Player.exe [2008-11-07 772096]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-19 4363504]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2001-02-20 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0
"NoDispAppearancePage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=
"StartMenuFavorites"=
"Start_ShowMyComputer"=
"Start_ShowMyDocs"=
"Start_ShowMyMusic"=
"Start_ShowRun"=
"Start_ShowSearch"=
"NofolderOptions"=
"NoActiveDesktop"=
"NoDesktop"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\MYGAME\Special Force\specialforce.exe"="C:\Program Files\MYGAME\Special Force\specialforce.exe:*:Enabled:specialforce"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa410534-7500-11de-b126-001d60255ca4}]
shell\1\command - G:\Recycled.exe
shell\2\command - G:\Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3260743-7166-11de-b1f8-001d60255ca4}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2009-09-20 00:05:37 ----D---- C:\Program Files\trend micro
2009-09-20 00:05:35 ----D---- C:\rsit
2009-09-18 19:11:39 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-18 16:18:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-18 16:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-09-18 15:49:41 ----D---- C:\Program Files\Spyware Process Detector
2009-09-18 13:31:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-18 13:31:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-18 13:09:01 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-09-17 16:50:32 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-17 16:41:33 ----D---- C:\Config.Msi
2009-09-15 19:59:16 ----D---- C:\Program Files\Registry Easy
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-15 16:14:29 ----A---- C:\WINDOWS\system32\java.exe
2009-09-15 03:27:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-15 00:27:06 ----D---- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2009-09-15 00:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-09-14 18:57:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 18:57:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 05:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-09-09 05:18:54 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-06 05:49:52 ----SHD---- C:\found.000
2009-09-04 02:29:26 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-09-20 07:32:43 ----D---- C:\WINDOWS\Temp
2009-09-20 07:25:26 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-09-20 07:25:21 ----D---- C:\Program Files\Mozilla Firefox
2009-09-20 06:17:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-20 06:17:16 ----D---- C:\Program Files\Garena
2009-09-20 06:06:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-20 06:06:45 ----SHD---- C:\WINDOWS\CSC
2009-09-20 00:05:37 ----RD---- C:\Program Files
2009-09-19 16:44:04 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-09-19 12:32:09 ----D---- C:\WINDOWS
2009-09-19 11:55:50 ----D---- C:\WINDOWS\system32\drivers
2009-09-19 11:52:59 ----D---- C:\WINDOWS\system32
2009-09-19 11:51:36 ----D---- C:\WINDOWS\Prefetch
2009-09-19 04:35:50 ----D---- C:\Program Files\Common Files
2009-09-18 19:11:38 ----SHD---- C:\WINDOWS\Installer
2009-09-18 19:08:53 ----SD---- C:\WINDOWS\Tasks
2009-09-18 16:46:46 ----HD---- C:\$AVG8.VAULT$
2009-09-18 14:31:34 ----D---- C:\WINDOWS\system32\config
2009-09-16 07:29:26 ----D---- C:\WINDOWS\Minidump
2009-09-16 05:01:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-15 16:13:56 ----D---- C:\Program Files\Java
2009-09-15 03:49:59 ----D---- C:\WINDOWS\system32\wbem
2009-09-15 03:49:56 ----D---- C:\WINDOWS\Registration
2009-09-15 03:37:41 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-09-15 00:45:23 ----HD---- C:\WINDOWS\inf
2009-09-15 00:45:23 ----D---- C:\WINDOWS\Help
2009-09-15 00:43:56 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-13 10:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-09 12:23:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-09-09 05:25:17 ----D---- C:\Program Files\Adobe
2009-09-09 05:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-09 05:23:32 ----D---- C:\Program Files\Common Files\Adobe
2009-09-09 05:23:08 ----RSD---- C:\WINDOWS\Fonts
2009-09-08 14:15:39 ----D---- C:\Program Files\BitLord
2009-09-06 19:36:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-03 19:50:50 ----AD---- C:\Program Files\Warcraft Version Switcher

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-17 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-06 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-22 30208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-06 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-05-06 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2006-11-13 11568]
S2 spd3ssl;Spyware_Process_Detector_v3.17.1; \??\C:\Program Files\Spyware Process Detector\spd317.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\MYGAME\Special Force\GameGuard\dump_wmimmc.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FVI1.tmp []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZSMC303;A4 TECH PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-12-01 392122]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-09 655624]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-09 2829724]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


I'm not scanning or using any tools,
just Mozilla Firefox,
and I uploaded that domino.exe.



#9
September 19, 2009 at 16:33:42
By the way, this is the other problem I encountered:

(sounds like a machine gun, then a blue screen)

A problem has occurred and Windows has been shut down to prevent damage to your computer.

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.


Beginning dump of physical memory
Physical memory dump complete
Contact your administrator.....

Is this problem connected to my other problem?
I encountered this problem before I reformatted my PC.

My uncle told me this is happening because he removed the video card.

Before I encountered this problem I wasn't lagging or anything; my PC is slow.

Maybe my uncle is right. After the video card was removed, maybe two weeks or more later, I encountered this problem. Then he reformatted because of many viruses and my Windows had crashed. So this is it.

When he reformatted, he set up two OSes.
Maybe two to three weeks later the other OS crashed, this OS started lagging, and I encountered the blue screen again :D

Add me up on YM: cyikes1824@yahoo.com



#10
September 20, 2009 at 20:59:32
By the way,
I already finished the scan in SAFE MODE
with AVG and SPYBOT, but nothing happened.

This is the log of AVG:

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.416
Virus Database: Version 270.13.110/2385 2009-09-20

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
D:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll Locked file. Not tested.
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll.dmp Locked file. Not tested.
D:\Program Files\AVG\AVG8\Toolbar\Update\igt29C.tmp Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.
E:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 284101
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------


Help me please T_T

