TheTechGuide Forum
General Category => Tech Clinic => Topic started by: jayyap on August 25, 2007, 08:56:55 PM
-
my msn acting very weird...it keeps send file/pic to my friends.how can i stop it?
-
is this happening while you are on it? or are you being kicked off and coming back on to hear your friends yelling at you?
-
Download Hijackthis 2.0.2 from my signature below
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum...Don't try and fix anything yet----It is all important!
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:23 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shell] C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
O23 - Service: Windows NT Session Manager (WINNTSMSS) - Unknown owner - C:\WINDOWS\system\smss.exe
--
End of file - 5849 bytes
-
Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-
here's the report
SDFix: Version 1.100
Run by jayyap on Sun 08/26/2007 at 06:20 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system\lsass.exe - Deleted
C:\WINDOWS\system\smss.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system\\lsass.exe"="C:\\WINDOWS\\system\\lsass.exe:*:Enabled:Messenger Sharing"
"C:\\DOCUME~1\\jayyap\\LOCALS~1\\Temp\\Rar$DI00.406\\www.web-image17.com"="C:\\DOCUME~1\\jayyap\\LOCALS~1\\Temp\\Rar$DI00.406\\www.web-image17.com:*:Enabled:Messenger Sharing"
"C:\\Documents and Settings\\jayyap\\My Documents\\My Received Files\\My-Pictures\\www.web-image17.com"="C:\\Documents and Settings\\jayyap\\My Documents\\My Received Files\\My-Pictures\\www.web-image17.com:*:Enabled:Messenger Sharing"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\SuperUtility\BMPVsAWD.dll
C:\Program Files\SuperUtility\Decode.dll
C:\Program Files\SuperUtility\Encode.dll
C:\Program Files\SuperUtility\FoxAwdWFlashDLL.dll
C:\Program Files\SuperUtility\Fxdrv.dll
C:\Program Files\SuperUtility\fxexpand.EXE
C:\Program Files\SuperUtility\FoxAwdWINFLASH.sys
C:\Program Files\SuperUtility\FoxAwdWINFLASH64.sys
C:\Program Files\SuperUtility\Fxdrv.sys
Finished
here's the HJT log files
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:37 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shell] C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
O23 - Service: Windows NT Session Manager (WINNTSMSS) - Unknown owner - C:\WINDOWS\system\smss.exe (file missing)
--
End of file - 5816 bytes
-
Still some remaining leftovers
Can you do the following please
Download MsnCleaner.zip (http://\"http://www.forospyware.com/Msncleaner/MsnCleaner.zip\") from here, unzip the contents too desktop but don't use it yet.
===Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop, we'll need it in a bit
Ensure to copy from REGEDIT4 and down in the code box
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system\\lsass.exe"=-
"C:\\DOCUME~1\\jayyap\\LOCALS~1\\Temp\\Rar$DI00.406\\www.web-image17.com"=-
"C:\\Documents and Settings\\jayyap\\My Documents\\My Received Files\\My-Pictures\\www.web-image17.com"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LSA Shell"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
==Download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
Can you Print the rest of these instructions, or save them too desktop for reference
Close down all browser windows
Double click on fix.reg and allow to add/merge to the registry at the prompt
Go to START>>RUN>>type in
services.msc
Hit OK
In the next window, look on the right hand side for this Exact service
name---- Windows NT Session Manager
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and OK it then exit out of there
Open Hijackthis>>Open MISC TOOLS SECTION>>Open "Delete an NT Service"
In the new windows open field, copy>>paste the below in bold to the open field then click OK
WINNTSMSS
Hijackthis should prompt if you want to delete the service and reboot the computer
Allow this
But when rebooting>> reboot into Safe Mode
In safe mode:
Find and delete this file if found:
C:\Documents and Settings\jayyap\My Documents\My Received Files\My-Pictures\www.web-image17.com <-this file
=========================================
==Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
=====================================================
* Double-click MsnCleaner_eng.exe to run it.
* Click the Analyze button.
* A report will be created once after you finish scan.
* If it finds an infection, click the Deleted button.
* Now, please reboot back to normal mode.
* Please post the contents of C:\MsnCleaner.txt in a reply to this post along with a fresh hijackthis log
Let me also know how things are running
-
y i cant DL msncleaner and where is the msncleaner that u want me to DL?i get into some forum web sites.can u comfirm again
?
-
http://www.forospyware.com/Msncleaner/MsnCleaner.zip (http://\"http://www.forospyware.com/Msncleaner/MsnCleaner.zip\")
(Copy/Paste the URL into the address bar or use "Save Target As")
-
hmm wierd
-
thax 4 ur help.here's the report after i perform all the steps
- Logfile MSNCleaner 1.2.5
- Created Logfile: 8/28/2007 on 7:03:34 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________
Detected files: 0
Deleted file: 0
Undeleted Files: 0
<<<<<<< No file found >>>>>>>
here is the HJT logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:25 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 5603 bytes
-
i would like to ask about sth...today after i install command and conquer 3.i cant run the game.and a pop up apears and it mention "this application has failed to start because d3dx9_29.dll was not found.what is the problem?
-
Can you still do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
Windows will prompt when it was created successfully
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
I would add a bit more protection to this computer
Install
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\") *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
If there are other user profiles on the computer, have them login and
click the "enable all protections" with Spywareblaster under the Protection tab
Let's remove some files/folders that we used/produced
Download this tool:
[color=\"blue\"]OTMoveIt[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe\") by OldTimer:- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Select Yes to reboot Now
After reboot you can empty your recycle bin
Take note of the following:
Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1
It appears that you are not fully updated from Windows Updates
Can you manually visit Windows updates
In Internet Explorer click on TOOLS>>Windows updates
Run the Express scan
Install all latest high priority updates
Reboot when prompted, revisit till you have all latest high priorities
Concerning the following
this application has failed to start because d3dx9_29.dll was not found
Go to START>>RUN>>type in dxdiag
Hit OK
when the utility loads
Can you verify your version of Direct X under System Information
-
i curently using a pirated windows.i still can get updates from there?by the way, my directx is version 8.1
-
I had this happen before you may have it in your settings somewhere. Also it could be the person on the other side they may be automatically doing it you it has occured to me numerous times.
-
[quote name=\'jayyap\' post=\'383263\' date=\'Aug 30 2007, 11:43 PM\']i curently using a pirated windows.i still can get updates from there?by the way, my directx is version 8.1[/quote]
Well, it would be helpful if you had a legal version of XP
You could get the latest version of DirectX from Microsoft website
You could try the following
Create a new System Restore point
You may be able to download DirectX 9 from google
Here's a link
http://filehippo.com/download_directx/?2465 (http://\"http://filehippo.com/download_directx/?2465\")
If you still have problems with that error message after installing DirectX 9
Post back
-
thax 4 ur advice.i will consider about it.
but now,after i install it stil being like that.
-
This may help,
Now that you have the latest DirectX installed
Go to this link
http://www.threelights.de/index.php?page=p...x_dll_files.php (http://\"http://www.threelights.de/index.php?page=projects/d3dx9_xx_dll_files.php\")
Scroll down to
D3DX February 2006 Update (for 32 bit systems) d3dx9_29.dll
Click the download link
Save to desktop, Unzip the folder within to desktop
Open the folder and open the "Installer" folder
Double click on DXSetup.exe
Follow the prompts, it should install the missing d3dx9_29.dll file to the System32 folder
-
i ad follow the steps.but now it appear another."this application has failed to start because d3d9.dll was not found."
-
Go to START>>RUN
type in dxdiag
Hit OK
Wait for it to load
Afterwards, select the button at the bottom
"Save all information"
Save this file to your desktop
Copy>>paste back here the contents of that file
It may take more than one reply to post it all
-
------------------
System Information
------------------
Time of this report: 9/5/2007, 14:55:43
Machine name: YAP-QNI9GRX7HO5
Operating System: Microsoft Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp1.020828-1920)
Language: English (Regional Setting: English)
System Manufacturer: INTELR
System Model: AWRDACPI
BIOS: IntelR - 42302e31
Processor: Intel® Pentium® D CPU 2.66GHz (2 CPUs)
Memory: 510MB RAM
Page File: 372MB used, 876MB available
Primary File System: n/a
DirectX Version: DirectX 8.1 (4.08.01.0810)
DX Setup Parameters: Not found
DxDiag Version: 5.01.2600.1106 32bit Unicode
------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.
------------------
DirectX Components
------------------
ddraw.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 253440 bytes
ddrawex.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 24064 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 10496 bytes
d3d8.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 1180672 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 436224 bytes
d3dim700.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 791040 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 34816 bytes
dplayx.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 212992 bytes
dpmodemx.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 20992 bytes
dpwsockx.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 49664 bytes
dplaysvr.exe: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 26112 bytes
dpnsvr.exe: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 18944 bytes
dpnet.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 156672 bytes
dpnlobby.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 38400 bytes
dpnwsock.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 61952 bytes
dpnaddr.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 26112 bytes
dpnmodem.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 62464 bytes
dpvoice.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 206336 bytes
dpvsetup.exe: 5.01.2600.1106 English Final Retail 8/29/2002 03:41:22 58368 bytes
dpvvox.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 113152 bytes
dpvacm.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 24064 bytes
dpnhpast.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 29696 bytes
dpnhupnp.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 56320 bytes
dinput.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 151552 bytes
dinput8.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 168960 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 394240 bytes
joy.cpl: 5.01.2600.1106 English Final Retail 8/29/2002 03:41:28 65536 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 76800 bytes
pid.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:50:10 31744 bytes
dsound.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 338944 bytes
dsound3d.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 1293824 bytes
dswave.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 16896 bytes
dsdmo.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 165888 bytes
dsdmoprp.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 66560 bytes
dmusic.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 94720 bytes
dmband.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 26112 bytes
dmcompos.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 57344 bytes
dmime.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 172544 bytes
dmloader.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 31744 bytes
dmstyle.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 110080 bytes
dmsynth.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 99840 bytes
dmscript.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 77312 bytes
dx7vb.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 595456 bytes
dx8vb.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 1185792 bytes
mfc40.dll: 4.01.00.6140 English Final Retail 8/23/2001 20:00:00 924432 bytes
mfc42.dll: 6.00.8665.0000 English Beta Retail 8/23/2001 20:00:00 995383 bytes
wsock32.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 21504 bytes
amstream.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 63488 bytes
devenum.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 51712 bytes
dxmasf.dll: 6.04.09.1125 English Final Retail 8/29/2002 03:40:52 498205 bytes
mciqtz32.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 33280 bytes
mpg2splt.ax: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:28 135168 bytes
msdmo.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 11264 bytes
qasf.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 152576 bytes
qcap.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:10 184832 bytes
qdv.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 266752 bytes
qdvd.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:10 357376 bytes
qedit.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:10 511488 bytes
qedwipes.dll: 6.04.2600.0000 English Final Retail 8/23/2001 20:00:00 734208 bytes
quartz.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:10 1142784 bytes
strmdll.dll: 4.01.00.3928 English Final Retail 8/29/2002 03:41:18 251904 bytes
mswebdvd.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:08 192512 bytes
ks.sys: 5.01.2600.1106 English Final Retail 8/29/2002 02:13:42 131712 bytes
ksproxy.ax: 5.01.2600.0000 English Final Retail 8/17/2001 22:37:04 117248 bytes
ksuser.dll: 5.01.2600.0000 English Final Retail 8/17/2001 22:36:18 4096 bytes
stream.sys: 5.01.2600.1106 English Final Retail 8/29/2002 01:32:34 44416 bytes
mspclock.sys: 5.01.2600.0000 English Final Retail 8/17/2001 13:48:42 5120 bytes
mspqm.sys: 5.01.2600.0000 English Final Retail 8/17/2001 13:48:46 4608 bytes
mskssrv.sys: 5.01.2600.1106 English Final Retail 8/29/2002 01:27:12 7040 bytes
swenum.sys: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 3840 bytes
msvidctl.dll: 6.04.2600.1106 English Final Retail 8/29/2002 03:41:08 1220608 bytes
vbisurf.ax: 5.01.2600.1106 English Final Retail 8/29/2002 03:41:28 27136 bytes
msyuv.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 16384 bytes
wstdecod.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 46080 bytes
---------------
Display Devices
---------------
Card name: RADEON X550
Manufacturer: ATI Technologies Inc.
Chip type: ATI display adapter (0x5B63)
DAC type: Internal DAC(400MHz)
Device ID: Enum\PCI\VEN_1002&DEV_5B63&SUBSYS_1B631002&REV_00
Display Memory: 256.0 MB
Current Mode: 1152 x 864 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: ati2dvag.dll
Driver Version: 6.14.10.6561 (English)
DDI Version: 8 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 8/4/2005 11:10:36, 205312 bytes
Driver Signed: Yes
WHQL Date Stamp: n/a
VDD:
Mini VDD: ati2mtag.sys
Mini VDD Date: 8/4/2005 11:10:16, 1273344 bytes
Device Identifier: {D7B71EE2-1823-11CF-136A-693BA1C2CB35}
Vendor ID: 0x1002
Device ID: 0x5B63
SubSys ID: 0x1B631002
Revision ID: 0x0000
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result:
D3D7 Test Result:
D3D8 Test Result:
-------------
Sound Devices
-------------
Description: Realtek AC97 Audio
Device ID: PCI\VEN_8086&DEV_27DE&SUBSYS_0C82105B&REV_01
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: ALCXWDM.SYS
Driver Version: 5.10.00.5970 (English)
Driver Attributes: Final Retail
Driver Signed: Yes
Date and Size: 11/22/2005 14:44:22, 3804416 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Full
Registry: OK
Sound Test Result:
-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
Version: 1.00.16.0002
Ports:
Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Realtek AC97 Audio, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Music Test Result:
------------------
DirectShow Filters
------------------
DirectShow Filters:
WMAudio Decoder DMO,0x00600800,1,1,,
WMVideo 8 Decoder DMO,0x00800001,1,1,,
MSScreen decoder DMO,0x00600800,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
VP6 Decompressor,0x00800000,1,1,vp6dec.ax,6.04.02.0000
ffdshow Video Decoder,0xff800001,2,1,ffdshow.ax,1.00.03.1368
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.04.2600.1106
CoreVorbis Audio Decoder,0x00800000,1,1,CoreVorbis.ax,1.01.00.0079
CoreAVC Video Decoder,0x00600200,1,1,CoreAVCDecoder.ax,1.03.00.0000
ffdshow raw video filter,0x00200000,2,1,ffdshow.ax,1.00.03.1368
RealPlayer Video Filter,0x00200000,1,1,rdsf3260.dll,6.00.12.1791
ffdshow Audio Decoder,0x3fffffff,1,1,ffdshow.ax,1.00.03.1368
DV Muxer,0x00400000,0,0,qdv.dll,6.04.2600.0000
Mpeg Source,0x00200000,0,0,MpegSplitter.ax,1.00.00.0004
Color Space Converter,0x00400001,1,1,quartz.dll,6.04.2600.1106
WM ASF Reader,0x00400000,0,0,qasf.dll,6.04.2600.0000
AVI Splitter,0x00600000,1,1,quartz.dll,6.04.2600.1106
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.04.2600.1106
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.00.4487
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.04.2600.1106
StreamBufferSink,0x00200000,0,0,sbe.dll,6.04.2600.1106
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.04.2600.1106
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.00.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.04.2600.1106
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.04.2600.1106
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.09.00.0311
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.04.2600.1106
MP4 Source,0x00600000,0,0,MP4Splitter.ax,1.00.00.0002
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.00.0000
FLV Splitter,0x00600000,1,1,FLVSplitter.ax,1.00.00.0002
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.04.2600.1106
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.04.2600.1106
WavPack Audio Decoder,0x00600000,1,1,WavPackDSDecoder.ax,1.01.00.0482
File Source (Netshow URL),0x00400000,0,1,dxmasf.dll,6.04.09.1125
DV Splitter,0x00600000,1,2,qdv.dll,6.04.2600.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.00.4487
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.00.4000
Haali Media Splitter,0x00800001,0,1,splitter.ax,1.07.189.0011
MP4 Splitter,0x00600000,1,1,MP4Splitter.ax,1.00.00.0002
Windows Media Multiplexer,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASX file Parser,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASX v.2 file Parser,0x00600000,1,0,dxmasf.dll,6.04.09.1125
NSC file Parser,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ACM Wrapper,0x00600000,1,1,quartz.dll,6.04.2600.1106
Windows Media source filter,0x00600000,0,2,dxmasf.dll,6.04.09.1125
Video Renderer,0x00800001,1,0,quartz.dll,6.04.2600.1106
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.04.2600.1106
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.04.2600.1106
Video Port Manager,0x00600000,2,1,quartz.dll,6.04.2600.1106
WST Decoder,0x00600000,1,1,wstdecod.dll,5.01.2600.0000
Video Renderer,0x00400000,1,0,quartz.dll,6.04.2600.1106
DivX Decoder Filter,0xff800000,1,1,divxdec.ax,6.06.01.0004
WM ASF Writer,0x00400000,0,0,qasf.dll,6.04.2600.0000
FLV Video Decoder,0x00600000,1,1,FLVSplitter.ax,1.00.00.0002
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.01.2600.1106
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.00.4487
File writer,0x00200000,1,0,qcap.dll,6.04.2600.1106
RadLight MPC DirectShow Filter,0x00600000,0,1,RLMPCDec.ax,1.00.00.0004
CyberLink Video/SP Decoder (PDVD7),0x00602000,2,3,CLVSD.ax,6.00.00.3402
Haali Simple Media Splitter,0x00200000,0,1,splitter.ax,1.07.189.0011
DirectVobSub,0x00200000,2,1,vsfilter.dll,1.00.01.0004
DirectVobSub (auto-loading version),0x00800002,2,1,vsfilter.dll,1.00.01.0004
DVD Navigator,0x00200000,0,2,qdvd.dll,6.04.2600.1106
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.04.2600.1106
Haali Matroska Muxer,0x00200000,1,0,splitter.ax,1.07.189.0011
AC3Filter,0x40000000,1,1,ac3filter.ax,1.03.01.0000
AVI Draw,0x00600064,9,1,quartz.dll,6.04.2600.1106
.RAM file Parser,0x00600000,1,0,dxmasf.dll,6.04.09.1125
DC-Bass Source,0x00400000,0,1,DCBassSource.ax,1.01.00.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.04.2600.1106
DV Video Decoder,0x00800000,1,1,qdv.dll,6.04.2600.0000
RealPlayer Transcode Filter,0x00600000,0,0,rdsf3260.dll,6.00.12.1791
Windows Media Update Filter,0x00400000,1,0,dxmasf.dll,6.04.09.1125
ffdshow Audio Processor,0x00200000,1,1,ffdshow.ax,1.00.03.1368
ASF DIB Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF ACM Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF ICM Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF URL Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF JPEG Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF DJPEG Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
ASF embedded stuff Handler,0x00600000,1,1,dxmasf.dll,6.04.09.1125
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.00.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.04.2600.1106
Null Renderer,0x00200000,1,0,qedit.dll,6.04.2600.1106
VP7 Decompressor,0x00800000,1,1,vp7dec.ax,7.00.10.0000
FLV Source,0x00600000,0,0,FLVSplitter.ax,1.00.00.0002
StreamBufferSource,0x00200000,0,0,sbe.dll,6.04.2600.1106
WMP CD Filter,0x00600000,0,1,wmpcd.dll,8.00.00.4487
Smart Tee,0x00200000,1,2,qcap.dll,6.04.2600.1106
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.04.2600.1106
RealPlayer Audio Filter,0x00200000,1,1,rdsf3260.dll,6.00.12.1791
AVI Decompressor,0x00600000,1,1,quartz.dll,6.04.2600.1106
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.04.2600.1106
MPEG4 Video Splitter,0x00600000,1,1,MP4Splitter.ax,1.00.00.0002
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.04.2600.1106
Wave Parser,0x00400000,1,1,quartz.dll,6.04.2600.1106
MIDI Parser,0x00400000,1,1,quartz.dll,6.04.2600.1106
Multi-file Parser,0x00400000,1,1,quartz.dll,6.04.2600.1106
Lyric Parser,0x00400000,1,1,quartz.dll,6.04.2600.1106
File stream renderer,0x00400000,1,1,quartz.dll,6.04.2600.1106
XML Playlist,0x00400000,1,0,dxmasf.dll,6.04.09.1125
WavPack Audio Splitter,0x00600000,1,1,WavPackDSSplitter.ax,1.01.00.0319
Mpeg Splitter,0x00600001,1,1,MpegSplitter.ax,1.00.00.0004
AVI Mux,0x00200000,1,0,qcap.dll,6.04.2600.1106
MPEG4 Video Source,0x00600000,0,0,MP4Splitter.ax,1.00.00.0002
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.04.2600.1106
File Source (Async.),0x00400000,0,1,quartz.dll,6.04.2600.1106
File Source (URL),0x00400000,0,1,quartz.dll,6.04.2600.1106
Haali Video Sink,0x00200000,1,0,splitter.ax,1.07.189.0011
Windows Media Pad VU Data Grabber,0x00600000,1,0,wmmfilt.dll,1.01.2427.0001
AC3File,0x00600000,0,1,ac3file.ax,
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.04.2600.1106
QT Decompressor,0x00600000,1,1,quartz.dll,6.04.2600.1106
ShotBoundaryDet,0x00200000,1,1,wmmfilt.dll,1.01.2427.0001
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.04.2600.1106
WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00200000,2,2,ksproxy.ax,5.01.2600.0000
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,ksproxy.ax,5.01.2600.0000
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,ksproxy.ax,5.01.2600.0000
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,ksproxy.ax,5.01.2600.0000
Video Compressors:
WMVideo Encoder DMO,0x00600800,1,1,,
MSScreen encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.04.2600.0000
ffdshow video encoder,0x00100000,1,1,ffdshow.ax,1.00.03.1368
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.04.2600.1106
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.04.2600.1106
DivX® 6.6.1 Codec (2 Logical CPUs),0x00200000,1,1,qcap.dll,6.04.2600.1106
ffdshow Video Codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.04.2600.1106
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.04.2600.1106
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Microsoft RLE,0x00200000,1,1,qcap.dll,6.04.2600.1106
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.04.2600.1106
Xvid MPEG-4 Codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Helix YV12 YUV Codec,0x00200000,1,1,qcap.dll,6.04.2600.1106
Audio Compressors:
WMAudio Encoder DMO,0x00600800,1,1,,
IMA ADPCM,0x00200000,1,1,quartz.dll,6.04.2600.1106
PCM,0x00200000,1,1,quartz.dll,6.04.2600.1106
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.04.2600.1106
ACELP.net,0x00200000,1,1,quartz.dll,6.04.2600.1106
DSP Group TrueSpeech(tm),0x00200000,1,1,quartz.dll,6.04.2600.1106
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.04.2600.1106
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.04.2600.1106
GSM 6.10,0x00200000,1,1,quartz.dll,6.04.2600.1106
Messenger Audio Codec,0x00200000,1,1,quartz.dll,6.04.2600.1106
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.04.2600.1106
CCITT A-Law,0x00200000,1,1,quartz.dll,6.04.2600.1106
CCITT u-Law,0x00200000,1,1,quartz.dll,6.04.2600.1106
AC3,0x00200000,1,1,quartz.dll,6.04.2600.1106
DTS,0x00200000,1,1,quartz.dll,6.04.2600.1106
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.04.2600.1106
Audio Capture Sources:
Realtek AC97 Audio,0x00200000,0,0,qcap.dll,6.04.2600.1106
Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.04.2600.1106
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.04.2600.1106
WDM Streaming Capture Devices:
Realtek AC97 Audio,0x00200000,3,3,ksproxy.ax,5.01.2600.0000
WDM Streaming Rendering Devices:
Realtek AC97 Audio,0x00200000,3,3,ksproxy.ax,5.01.2600.0000
WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,
BDA CP/CA Filters:
Decrypt/Tag,0x00200000,0,0,encdec.dll,6.04.2600.1106
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.04.2600.1106
XDS Codec,0x00200000,0,0,encdec.dll,6.04.2600.1106
Audio Renderers:
Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.04.2600.1106
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.04.2600.1106
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.04.2600.1106
DirectSound: Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.04.2600.1106
WDM Streaming System Devices:
Realtek AC97 Audio,0x00200000,18,2,ksproxy.ax,5.01.2600.0000
-------------
Input Devices
-------------
Device Name: USB Human Interface Device
Provider: (Standard system devices)
Hardware ID: USB\Vid_043d&Pid_00e9&Rev_0001&MI_02
Status: 0
Port Name: USB Composite Device
Port Provider: (Standard USB Host Controller)
Port ID: USB\Vid_043d&Pid_00e9&Rev_0001
Port Status: 0
Poll w/ Interrupt: No
Registry: OK
-------------
Input Drivers
-------------
----------------------------
DirectPlay Service Providers
----------------------------
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.01.2600.1106)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.01.2600.1106)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.01.2600.0000)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.01.2600.0000)
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnmodem.dll (5.01.2600.0000)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnmodem.dll (5.01.2600.0000)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnwsock.dll (5.01.2600.0000)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnwsock.dll (5.01.2600.0000)
DirectPlay Test Result:
-------------------------
DirectPlay Lobbyable Apps
-------------------------
-
I want to direct you to the following I posted earlier
Create a new System Restore point
You may be able to download DirectX 9 from google
Here's a link
http://filehippo.com/download_directx/?2465 (http://\"http://filehippo.com/download_directx/?2465\")
If you still have problems with that error message after installing DirectX 9
Post back
Honestly, you need to get directx 9, the link at filehippo has the version
Your DirectX diagnostic utility I had you export and post showed the following
DirectX Version: DirectX 8.1 (4.08.01.0810)
DX Setup Parameters: Not found
DxDiag Version: 5.01.2600.1106 32bit Unicode
------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.
------------------
DirectX Components
------------------
ddraw.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 253440 bytes
ddrawex.dll: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 24064 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/23/2001 20:00:00 10496 bytes
d3d8.dll: 5.01.2600.1106 English Final Retail 8/29/2002 03:40:50 1180672 bytes
Notice the version you have installed is STILL DirectX 8.1
Also notice the file version d3d8.dll
You said the following
"this application has failed to start because d3d9.dll was not found."
UPDATE to version 9, do you understand what I'm getting at???
-
how to do system restore point.izit juz like tis?
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
-
Yup, that will do it
-
i ad create the restore point and DL the installation of directx and install it already.but it seems still the same.izit bcoz of sum virus in my comp that cause my directx unable to update?
-
[quote name=\'jayyap\' post=\'385720\' date=\'Sep 6 2007, 11:15 PM\']i ad create the restore point and DL the installation of directx and install it already.but it seems still the same.izit bcoz of sum virus in my comp that cause my directx unable to update?[/quote]
I'm sorry, I don't understand what you mean
Can i see a fresh hijackthis log please
-
what i mean is i already perform all the steps but itz still the same.i cant run the game.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:19 AM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542148000 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542134593 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 6618 bytes
-
If you weren't able to update to directx 9, you may be out of luck
Unless you can update it also illegally
That will be up to you to figure out, I'm not going that direction any further
To see if you may be any more virus stricken
Can I see one last log
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
-
thax 4 ur advise
ComboFix 07-09-08.7 - "jayyap" 2007-09-08 14:13:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.224 [GMT 8:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.
2007-09-08 14:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-06 20:48 <DIR> d-------- C:\DOCUME~1\lihhorng\Contacts
2007-09-02 22:22 <DIR> d-------- C:\DOCUME~1\lihhorng\APPLIC~1\Teleca
2007-09-02 12:11 <DIR> d-------- C:\Program Files\Disc2Phone
2007-09-02 12:06 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-09-02 10:48 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\Teleca
2007-09-02 10:47 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-09-02 10:47 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-02 10:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-09-02 10:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-09-02 10:45 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2007-09-02 10:45 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2007-08-31 14:36 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-08-31 14:36 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-31 14:36 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-08-31 14:36 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-08-31 14:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-29 14:41 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\DivX
2007-08-29 14:17 <DIR> d-------- C:\Program Files\Electronic Arts
2007-08-28 18:46 <DIR> d-------- C:\BackUpMSNCleaner
2007-08-26 18:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-26 18:12 40,960 --a------ C:\djfbi.exe
2007-08-24 16:55 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-24 13:26 <DIR> d-------- C:\Program Files\Google
2007-08-24 13:26 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\Google
2007-08-20 11:41 <DIR> d-------- C:\Program Files\Mitsubishi Lancer
2007-08-20 11:39 48,640 --a------ C:\WINDOWS\grwprocs.dll
2007-08-20 11:39 405,504 --a------ C:\WINDOWS\18be.scr
2007-08-20 11:39 397,968 --a------ C:\WINDOWS\18be.dat
2007-08-20 11:34 <DIR> d-------- C:\Program Files\Mitsubishi Lancer 2
2007-08-20 00:24 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\WinRAR
2007-08-20 00:21 <DIR> d-------- C:\WINDOWS\directx
2007-08-19 22:02 <DIR> d-------- C:\DOCUME~1\lihhorng\APPLIC~1\Real
2007-08-19 22:02 <DIR> d-------- C:\DOCUME~1\lihhorng\APPLIC~1\FaxCtr
2007-08-18 16:47 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-18 13:46 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-18 13:46 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-18 13:46 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-18 13:46 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-18 13:46 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-18 13:46 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-18 13:46 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-18 13:46 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-18 13:46 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-18 13:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-18 12:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-18 12:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-17 23:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 22:33 <DIR> d-------- C:\Program Files\CCleaner
2007-08-17 14:09 <DIR> d---s---- C:\DOCUME~1\jayyap\UserData
2007-08-17 14:08 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\FaxCtr
2007-08-16 21:12 409,600 --a------ C:\WINDOWS\system32\lxcrinpa.dll
2007-08-16 21:12 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2007-08-16 21:12 393,216 --a------ C:\WINDOWS\system32\lxcriesc.dll
2007-08-16 21:12 303,104 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2007-08-16 21:12 <DIR> d-------- C:\Program Files\lx_cats
2007-08-16 21:11 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-16 21:11 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-08-16 21:11 684,032 --a------ C:\WINDOWS\system32\lxcrdrs.dll
2007-08-16 21:11 65,536 --a------ C:\WINDOWS\system32\lxcrcaps.dll
2007-08-16 21:11 61,440 --a------ C:\WINDOWS\system32\lxcrcnv4.dll
2007-08-16 21:11 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-16 21:11 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-16 21:10 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-08-16 21:10 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-08-16 21:10 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-08-16 21:10 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-08-16 21:10 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-08-16 21:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-08-16 21:09 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-08-16 21:08 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-08-16 21:08 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-08-16 21:07 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-08-16 20:36 <DIR> d-------- C:\Program Files\LimeWire
2007-08-16 18:33 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\Media Player Classic
2007-08-16 18:30 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-16 18:29 <DIR> d-------- C:\Program Files\Real
2007-08-16 18:29 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-16 18:29 <DIR> d-------- C:\DOCUME~1\jayyap\APPLIC~1\Real
2007-08-16 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-16 17:40 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-16 17:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-16 17:40 <DIR> d-------- C:\Program Files\DAP
2007-08-16 17:36 <DIR> d-------- C:\Program Files\Winamp
2007-08-16 17:33 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-16 17:29 <DIR> d-------- C:\Program Files\TTPlayer
2007-08-16 17:28 <DIR> d-------- C:\DOCUME~1\jayyap\Contacts
2007-08-16 17:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-16 17:20 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-16 17:20 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-08-16 17:20 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-16 17:20 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-16 17:20 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-16 17:20 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-16 17:20 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-16 17:20 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-16 17:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-08-16 17:04 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-16 17:04 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-16 15:56 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-20 11:09 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-20 11:09 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-07-31 11:41 249344 --a------ C:\WINDOWS\Mitsubishi Lancer 2.scr
2007-07-31 11:41 1383373 --a------ C:\WINDOWS\Mitsubishi Lancer 2.bin
2007-07-31 11:41 1010460 --a------ C:\WINDOWS\creamplayer.exe
2007-07-31 11:40 323021 --a------ C:\WINDOWS\Mitsubishi Lancer.bin
2007-07-31 11:40 249344 --a------ C:\WINDOWS\Mitsubishi Lancer.scr
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 21:38]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-16 18:29]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-23 01:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 13:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 16:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-02 02:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 06:03]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-09-08 14:13:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-08 14:14:26
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:48 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542148000 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542134593 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 6476 bytes
-
Can you scan both of these files
C:\djfbi.exe
C:\WINDOWS\creamplayer.exe
at either of the below links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Post back the results from each file scan
-
the result for C:\djfbi.exe
Scanner results
Scan taken on 09 Sep 2007 01:38:50 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Crypt.ULPM.Gen
ArcaVir
Found Trojan.Rbot.Bmu
Avast
Found nothing
AVG Antivirus
Found SHeur.GFY
BitDefender
Found Trojan.Peed.Gen
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.HLLW.MyBot
F-Prot Antivirus
Found W32/Backdoor.BONG
F-Secure Anti-Virus
Found Backdoor.Win32.SdBot.xd
Fortinet
Found DcomRpc!exploit
Kaspersky Anti-Virus
Found Backdoor.Win32.SdBot.xd
NOD32
Found probably a variant of Win32/SdBot (probable variant)
Norman Virus Control
Found W32/SDBot.ARFZ
Panda Antivirus
Found Generic
Rising Antivirus
Found nothing
Sophos Antivirus
Found Mal/HckPk-A
VirusBuster
Found Worm.Rbot.OJZ
VBA32
Found Backdoor.Win32.SdBot.xd
result for C:\WINDOWS\creamplayer.exe
Scanner results
Scan taken on 09 Sep 2007 01:44:29 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
-
Can you do the following please
Delete your version of SDFix.exe on desktop
Also delete this folder
C:\SDFix < -this folder
REDOWNLOAD the latest updated version of [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
In safe mode, delete this file
C:\djfbi.exe
You appear to have CCleaner installed, remain in safe mode and run the cleaner
Again, in safe mode
SDFIX- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-
SDFix: Version 1.102
Run by jayyap on Sun 09/09/2007 at 02:06 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Program Files\SuperUtility\BMPVsAWD.dll
C:\Program Files\SuperUtility\Decode.dll
C:\Program Files\SuperUtility\Encode.dll
C:\Program Files\SuperUtility\FoxAwdWFlashDLL.dll
C:\Program Files\SuperUtility\Fxdrv.dll
C:\Program Files\SuperUtility\fxexpand.EXE
C:\Program Files\SuperUtility\FoxAwdWINFLASH.sys
C:\Program Files\SuperUtility\FoxAwdWINFLASH64.sys
C:\Program Files\SuperUtility\Fxdrv.sys
Finished
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:51 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542148000 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188542134593 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 6565 bytes
-
Looks good
You can do the following
Delete MSNCleaner from desktop and it's backup folder it made
C:\BackUpMSNCleaner
You can also do this one more time
Download this tool:
[color=\"blue\"]OTMoveIt[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe\") by OldTimer:- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Select Yes to reboot Now
After reboot you can empty your recycle bin
That should do it
Did you get the latest DirectX installed?
-
i know itz a bit dissapoint but i still need to say,i still cant get my directx update.
-
Are you getting a specific error message when you try and install DirectX
Post the EXACT message
-
nope.itz all very normal installation steps.
-
Oh, so it doesn't give you no prompt at all
Not much to work with on that I'm afraid, well at least your logs look clean
-
thax 4 ur help!!^^
-
Your welcome, I'll lock this topic as your malware problems appear to be resolved