Video playback is choppy

fireready (joined Dec 26, 2008; 3 posts)
Posted: Fri Dec 26, 2008 5:46 pm    Post subject: Video playback is choppy

Hey...hoping someone might be able to take a stab at this problem I've been having. I recently purged my laptop of a few viruses and a nasty Trojan whose name I don't recall. The "Blue Screen Of Death" no longer appears! The only problem I have is that my video playback is choppy (audio is fine). My CPU usage while playing an AVI or DVD is at 30-40% (at most). I use VLC player. I've installed, reinstalled, burned incense and howled at the moon over this one. PLEASE, ANY THOUGHTS???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:11 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Owner.K-DB20440357E74\Local Settings\Application Data\eSupport.com\driveragent_98[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 4597 bytes
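As an added example that is not part of the original post and not HijackThis code: the script below parses the "Running processes" list and the R/O-section lines of a log like the one above and flags the items a log reviewer would look at first. The sample lines are copied from this log; the review rules (user-profile or Temp paths, 8.3 short names, HKCU autostarts, ActiveX fetched from a URL) are the example's own assumptions, and a flag means "check this", not "this is malicious".

```python
"""Triage helper for a HijackThis 2.0 log.

Added example, not part of the original post and not HijackThis code.
The sample lines are copied from the posted log; the review rules are
this example's own assumptions and only mark items worth a closer look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = """\
Running processes:
C:\\Documents and Settings\\Owner.K-DB20440357E74\\Local Settings\\Application Data\\eSupport.com\\driveragent_98[1].exe
C:\\PROGRA~1\\AVANQU~1\\SYSTEM~1\\MXTask.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\\PROGRA~1\\AVANQU~1\\SYSTEM~1\\MXTask.exe
"""

# "O4 - <body>", "R1 - <body>" ...; the section code says what kind of load point it is.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A Windows path ending in a loadable file type; "~" and "[1]" occur in the log above.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|ocx|cpl|ax|scr)\b')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # e.g. "O4"
    body: str             # text after "O4 - "
    path: Optional[str]   # first file path found in the body, if any
    clsid: Optional[str]  # CLSID found in the body, if any


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running processes, section entries) from HijackThis log text."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False            # a blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            section, body = m.groups()
            path = PATH_RE.search(body)
            clsid = CLSID_RE.search(body)
            entries.append(Entry(section, body,
                                 path.group(0) if path else None,
                                 clsid.group(0) if clsid else None))
        elif in_procs:
            processes.append(line)
    return processes, entries


def review_path(path: str) -> List[str]:
    """Heuristic reasons to look closer at a file path (this example's own rules)."""
    reasons = []
    p = path.lower()
    if "\\documents and settings\\" in p and (
            "\\local settings\\" in p or "\\application data\\" in p):
        reasons.append("runs from a user profile directory rather than Program Files")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if re.search(r"~\d", p):
        reasons.append("8.3 short name; expand it before judging the vendor directory")
    return reasons


def review(text: str) -> List[Tuple[str, List[str]]]:
    """Return [(item, reasons)] for every process or entry worth a second look."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        reasons = review_path(proc)
        if reasons:
            findings.append((proc, reasons))
    for e in entries:
        reasons = review_path(e.path) if e.path else []
        if e.section == "O4" and "HKCU" in e.body:
            reasons.append("per-user autostart (HKCU Run); fires only for this account, so easy to miss")
        if e.section == "O16":
            reasons.append("ActiveX control fetched from a URL; confirm the host is one you trust")
        if reasons:
            findings.append((f"{e.section}: {e.body}", reasons))
    return findings


if __name__ == "__main__":
    for item, reasons in review(SAMPLE_LOG):
        print(item)
        for r in reasons:
            print("   -", r)
```

Run against the full log, the same rules pick out the `driveragent_98[1].exe` process running from the user's Local Settings folder and the two Avanquest items under 8.3 short paths; neither is a verdict, only a pointer to what to verify next (publisher, install date, whether the user installed it).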

greyknight17 (Brooklyn, NY; joined Feb 03, 2003; 5674 posts)
Posted: Fri Dec 26, 2008 7:46 pm

Happy Holidays and welcome to Lockergnome.

There doesn't seem to be any spyware in the log file. Did you have this problem before the virus issues? Also, was this before or after installing Sunbelt's antivirus program? From my searches, I see that this program uses up a lot of resources as well.

If you want, you can run the following scans to see if anything else is picked up:

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html and double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps up to the part about posting the log. Post the ComboFix log here.

fireready
Posted: Sat Dec 27, 2008 12:22 am

Happy Holidays to you as well!! And thanks so much for your attention to my problem.

- I never had any video playback problems before...smooth as silk.

- I uninstalled the Sunbelt Virus/spyware program and it seems that it did affect my video playback. No problems now. Perhaps I can disable some of the software components that aren't so vital to protecting my computer?

- I followed your instructions with the malware removal and it seems there were a few (quite a few actually) viruses and trojans that evaded detection from the Sunbelt software.

- I ran the ComboFix as well. Both logs are attached.

It would seem that the Sunbelt software is ineffectual and is slowing my system. I suppose I should be looking at getting different virus/malware/spyware...and dinnerware (because of all the dishes I've broken as a result of my frustration over this issue!)

I've attached the logs in the event you may spot something unusual or have any further suggestions for me.

Much thanks in advance for your help on this matter. Kevin


ComboFix 08-12-26.03 - Owner 2008-12-26 22:00:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.206 [GMT -7:00]
Running from: c:\documents and settings\Owner.K-DB20440357E74\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 22:06 . 2008-07-18 01:26 68,912 --a------ c:\windows\system32\drivers\sbapifs.sys
2008-12-26 22:04 . 2008-07-18 01:26 13,360 --a------ c:\windows\system32\drivers\sbaphd.sys
2008-12-26 21:52 . 2008-12-26 21:52 <DIR> d-------- c:\windows\6A615007721D4063B226EA41EB6604B9.TMP
2008-12-26 19:17 . 2008-12-26 19:17 <DIR> d-------- c:\documents and settings\Owner.K-DB20440357E74\Application Data\Malwarebytes
2008-12-26 19:16 . 2008-12-26 21:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 19:16 . 2008-12-26 19:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-26 19:16 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 19:16 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 17:19 . 2008-12-26 19:12 <DIR> d-------- c:\program files\Panda Security
2008-12-26 16:34 . 2008-12-26 16:34 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-26 15:03 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-26 15:03 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-26 15:03 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-26 15:03 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-26 14:59 . 2008-12-26 15:01 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-26 14:58 . 2008-12-26 14:58 <DIR> d-------- c:\windows\Logs
2008-12-26 14:54 . 2008-12-26 14:54 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-12-26 14:33 . 2008-12-26 14:33 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 14:00 . 2005-07-19 10:05 135,168 --a------ c:\windows\system32\igfxres.dll
2008-12-25 22:43 . 2008-12-25 22:43 <DIR> d-------- c:\program files\ffdshow
2008-12-25 21:51 . 2008-12-25 21:55 <DIR> d-------- c:\documents and settings\Owner.K-DB20440357E74\Application Data\vlc
2008-12-25 20:19 . 2007-07-27 10:22 201,728 --a------ c:\windows\creator
2008-12-25 20:18 . 2008-12-25 20:18 1,681 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (EH439UA#ABA)_YN_0Pavi_QCNF5412GD2_EU_46_I308F_SQuanta_V46.13_BF.22_T060323_WXH3_L409_M503_J100_7Intel_8Pentium M_91.6_#081225_N10EC8139_(EH439UA#ABA)_XMOBILE_CN10_Z8086266D_2Rev 1.MRK
2008-12-25 19:39 . 2008-04-13 11:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-25 18:02 . 2004-08-04 05:00 4,256,768 --a------ c:\windows\system32\dllcache\wmm2res.dll
2008-12-25 18:01 . 2004-12-21 13:49 8,450,048 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-25 18:00 . 2004-08-04 05:00 2,180,992 --a------ c:\windows\system32\ntoskrnl.exe
2008-12-25 17:32 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-12-25 17:29 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-25 17:29 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-25 17:29 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-25 17:29 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-25 17:29 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-25 17:28 . 2008-12-25 17:28 <DIR> d---s---- c:\documents and settings\Owner.K-DB20440357E74\UserData
2008-12-25 17:19 . 2008-12-25 17:19 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 17:19 . 2008-12-25 17:19 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avanquest
2008-12-25 17:01 . 2008-12-25 17:10 <DIR> d-------- c:\documents and settings\Owner.K-DB20440357E74\Application Data\Avanquest
2008-12-25 16:51 . 2008-12-25 16:51 13,646 --a------ c:\windows\system32\wpa.bak
2008-12-25 16:50 . 2008-12-25 16:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\hpqwmi
2008-12-25 16:44 . 2004-08-04 05:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-25 16:42 . 2005-01-21 13:41 86,016 --a------ c:\windows\system32\WACntlPnl.cpl
2008-12-25 16:40 . 2008-12-25 16:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2008-12-25 16:29 . 2002-10-15 09:13 32,356 --------- c:\windows\system32\pusbfd1.sys
2008-12-25 16:29 . 2002-10-15 09:13 26,629 --------- c:\windows\system32\pusbfd2.vxd
2008-12-25 16:28 . 2004-12-07 10:46 425,984 --a------ c:\windows\system32\hpqPres.dll
2008-12-25 16:28 . 2004-12-01 12:45 225,280 --a------ c:\windows\system32\cpqinfo.dll
2008-12-25 16:28 . 2004-12-07 10:45 65,536 --a------ c:\windows\system32\hpqactn.dll
2008-12-25 16:28 . 2004-12-01 12:46 32,768 --a------ c:\windows\system32\eabhbrn8.dll
2008-12-25 16:27 . 2004-04-14 07:36 7,432 --a------ c:\windows\system32\drivers\eabfiltr.sys
2008-12-25 16:26 . 2008-12-25 16:26 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\muvee Technologies
2008-12-25 16:22 . 2008-12-25 16:22 <DIR> d-------- c:\documents and settings\Owner.K-DB20440357E74\Application Data\Apple Computer
2008-12-25 16:22 . 2008-12-25 16:22 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\QuickTime
2008-12-25 16:22 . 2008-12-25 16:22 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2008-12-25 16:22 . 1999-11-10 12:05 86,016 --a------ c:\windows\unvise32qt.exe
2008-12-25 16:20 . 2006-08-21 11:39 28,510 --a------ c:\windows\system32\oeminfo.ini
2008-12-25 16:16 . 2002-11-21 10:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2008-12-25 16:16 . 2002-11-21 10:57 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2008-12-25 16:16 . 2002-11-21 10:57 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2008-12-25 16:16 . 2002-11-21 10:57 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2008-12-25 16:16 . 2002-11-21 10:57 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2008-12-25 16:16 . 2002-11-21 10:57 20,480 --a------ c:\windows\system32\IVIresize.dll
2008-12-25 16:11 . 2004-05-11 01:47 6,912,056 -ra------ c:\windows\Blue Sonic.bmp
2008-12-25 16:11 . 2003-01-24 04:27 22,198 -ra------ c:\windows\system32\OEMLogo.bmp
2008-12-25 16:11 . 2004-01-06 10:00 13,942 -ra------ c:\windows\accessories.ico
2008-12-25 16:11 . 2004-07-30 08:59 5,430 -ra------ c:\windows\AG-Rose.ico
2008-12-25 16:11 . 2004-02-24 07:20 4,286 -ra------ c:\windows\hpmusic.ico
2008-12-25 16:10 . 2003-05-24 03:48 6,912,056 -ra------ c:\windows\Fractal Blue.bmp
2008-12-25 16:10 . 2003-05-24 03:32 6,912,056 -ra------ c:\windows\Crystal Rush.bmp
2008-12-25 16:09 . 2004-11-22 03:41 3,222,784 -ra------ c:\windows\system32\drivers\w29n51.sys
2008-12-25 16:09 . 2004-11-22 03:41 458,752 -ra------ c:\windows\system32\w29NCPA.dll
2008-12-25 16:08 . 2004-11-22 03:41 1,654,784 -ra------ c:\windows\system32\W29MLRES.DLL
2008-12-25 16:08 . 2004-11-22 03:41 13 -ra------ c:\windows\system32\drivers\verfile.tic
2008-12-25 16:06 . 2004-12-02 09:36 70,912 --a------ c:\windows\system32\drivers\Rtlnicxp.sys
2008-12-25 16:01 . 2008-12-25 17:28 <DIR> d-------- c:\documents and settings\Owner.K-DB20440357E74
2008-12-25 15:59 . 2008-12-25 16:00 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY.004
2008-12-25 15:59 . 2008-12-25 15:59 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-25 15:58 . 2008-12-25 15:59 <DIR> d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY.004
2008-12-25 15:56 . 2004-08-04 05:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-12-25 15:55 . 2004-08-04 05:00 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2008-12-25 15:54 . 2004-08-04 05:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2008-12-25 15:53 . 2008-12-25 21:41 316,640 --a------ c:\windows\WMSysPr9.prx
2008-12-25 15:53 . 2008-12-25 21:41 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-25 15:53 . 2008-12-25 21:41 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-25 15:53 . 2008-12-25 15:53 2,577 --a------ c:\windows\system32\CONFIG.NT
2008-12-25 15:53 . 2008-12-25 15:53 0 --a------ c:\windows\control.ini
2008-12-25 15:51 . 2008-12-25 16:42 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS\DRM
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-25 15:51 . 2008-12-25 15:51 749 -rah----- c:\windows\system32\cdplayer.exe.manifest
2008-12-25 15:51 . 2008-12-25 15:51 488 -rah----- c:\windows\system32\WindowsLogon.manifest
2008-12-25 15:51 . 2008-12-25 15:51 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-25 15:50 . 2004-08-04 05:00 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex
2008-12-25 15:50 . 2004-08-04 05:00 99,840 --a--c--- c:\windows\system32\dllcache\helphost.exe
2008-12-25 15:50 . 2004-08-04 05:00 48,680 ---hs---- c:\windows\winnt256.bmp
2008-12-25 15:50 . 2004-08-04 05:00 48,680 ---hs---- c:\windows\winnt.bmp
2008-12-25 15:50 . 2004-08-04 05:00 35,328 --a--c--- c:\windows\system32\dllcache\notiflag.exe
2008-12-25 15:50 . 2004-08-04 05:00 21,504 --a--c--- c:\windows\system32\dllcache\brpinfo.dll
2008-12-25 15:50 . 2004-08-04 05:00 11,264 --a--c--- c:\windows\system32\dllcache\atrace.dll
2008-12-25 15:50 . 2004-08-04 05:00 11,264 --a------ c:\windows\system32\atrace.dll
2008-12-25 15:50 . 2004-08-04 05:00 6,656 --a--c--- c:\windows\system32\dllcache\hcappres.dll
2008-12-25 15:50 . 2004-08-04 05:00 2 --a------ c:\windows\system32\desktop.ini
2008-12-25 15:50 . 2004-08-04 05:00 2 --a------ c:\windows\desktop.ini
2008-12-25 15:48 . 2008-12-25 15:48 21,640 --a------ c:\windows\system32\emptyregdb.dat
2008-12-25 15:48 . 2008-12-25 15:48 37 --a------ c:\windows\vbaddin.ini
2008-12-25 15:48 . 2008-12-25 15:48 36 --a------ c:\windows\vb.ini
2008-12-25 15:46 . 2004-08-04 05:00 1,251,840 --a------ c:\windows\system32\comsvcs.dll
2008-12-25 14:44 . 2008-12-25 14:44 <DIR> d-------- c:\documents and settings\K-Corp\Application Data\Media Player Classic
2008-12-25 08:42 . 2001-08-17 06:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-12-25 08:41 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2008-12-25 08:41 . 2004-08-03 15:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2008-12-25 08:41 . 2001-08-17 06:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-12-25 08:39 . 2008-12-25 18:22 2,711 --a------ c:\windows\imsins.BAK
2008-12-25 08:38 . 2008-12-25 15:48 <DIR> dr------- c:\documents and settings\All Users.WINDOWS\Documents
2008-12-25 08:37 . 2008-12-25 16:01 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS
2008-12-25 08:37 . 2008-12-25 15:51 <DIR> d-------- c:\documents and settings\All Users.WINDOWS
2008-12-25 08:36 . 2008-12-25 15:57 623 --a------ c:\windows\system32\$winnt$.inf
2008-12-24 22:48 . 2008-12-25 12:03 <DIR> d-------- c:\documents and settings\K-Corp\Contacts
2008-12-23 18:08 . 2008-12-23 18:08 <DIR> d-------- c:\program files\HD Tune
2008-12-23 06:12 . 2008-12-23 06:12 <DIR> d-------- c:\windows\system32\Events
2008-12-23 05:25 . 2008-12-23 05:25 <DIR> d-------- c:\program files\VideoLAN
2008-12-21 21:41 . 2008-12-21 21:41 <DIR> d-------- c:\documents and settings\K-Corp\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 23:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-25 23:41 --------- d-----w c:\program files\Java
2008-12-25 23:40 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-25 23:35 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-25 23:22 --------- d-----w c:\program files\QuickTime
2008-12-25 23:11 --------- d-----w c:\program files\HPQ
2008-12-25 05:45 --------- d-----w c:\program files\MSN Messenger
2008-12-22 20:12 --------- d-----w c:\documents and settings\Kevin\Application Data\WinWay
2008-12-20 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:13 --------- d-----w c:\documents and settings\Kevin\Application Data\uTorrent
2008-12-11 08:06 --------- d-----w c:\program files\Hp
2008-12-05 02:33 --------- d-----w c:\documents and settings\Kevin\Application Data\AdobeUM
2008-11-01 21:58 --------- d-----w c:\program files\WinWay Resume
2008-11-01 01:48 --------- d-----w c:\documents and settings\Kevin\Application Data\Corel
2008-11-01 01:42 --------- d-----w c:\program files\Common Files\Protexis
2008-11-01 01:38 --------- d-----w c:\program files\Common Files\Corel
2008-10-30 00:46 --------- d-----w c:\documents and settings\Kevin\Application Data\Sonic
2008-10-29 23:03 --------- d-----w c:\documents and settings\Kevin\Application Data\Nero
2008-10-29 22:35 --------- d-----w c:\program files\Common Files\Nero
2008-10-27 17:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 17:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 17:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8373ADC0-6330-11DD-9D77-22C856D89593}]
2008-08-10 15:53 178176 --a------ c:\program files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-26 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-25 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-12-26 13360]
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service;"c:\program files\Common Files\AntiVirus\SBAMSvc.exe" [2008-08-05 849192]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-12-26 68912]
R3 KFilter;KFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-08-10 54865]
R3 TFilter;TFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-08-10 20225]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys [2007-11-06 87848]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{749f4231-c886-11dd-b666-806d6172696f}]
\Shell\AutoRun\command - d:\wd_windows_tools\WDSetup.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 22:06:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????2????|?????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVANQU~1\SYSTEM~1\MXTask.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVANQU~1\SYSTEM~1\MXTask.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-26 22:09:05 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-27 05:09:00

Pre-Run: 49,168,412,672 bytes free
Post-Run: 49,255,247,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

252



Malwarebytes' Anti-Malware 1.31
Database version: 1552
Windows 5.1.2600 Service Pack 2

12/26/2008 9:27:53 PM
mbam-log-2008-12-26 (21-27-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 177503
Time elapsed: 1 hour(s), 48 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.K-8C4C7B03488D4\Desktop\2FDE3B02A633D40C\2FDE3B02A633D40C (Rootkit.Zlob) -> No action taken.
C:\System Volume Information\_restore{28CA1C04-1F4D-42A4-8D92-A367133BF666}\RP35\A0008562.exe (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{28CA1C04-1F4D-42A4-8D92-A367133BF666}\RP38\A0025971.exe (Backdoor.Agent) -> No action taken.
C:\Documents and Settings\Owner.K-8C4C7B03488D4\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner.K-8C4C7B03488D4\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner.K-8C4C7B03488D4\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner.K-8C4C7B03488D4\Favorites\Run Virus Scan.url (Trojan.Zlob) -> No action taken.
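The two logs in the post above are the kind of thing a helper reads in a minute but a script can summarise reliably. As an added example that is not part of the original post and not code from Malwarebytes or ComboFix, the script below parses the "Files Infected" lines of a Malwarebytes' Anti-Malware 1.x log (every line in the posted log ends in "No action taken", which is the point the next reply picks up), groups the detections by name and separates hits inside System Restore points from live files, and then checks two lines from the ComboFix "Reg Loading Points" section that appear in the log above: the firewall policy value and a cached AutoRun command. The sample text is copied from the posted logs; the grouping and the checks are this example's own.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x log and check two kinds of
ComboFix "Reg Loading Points" lines.

Added example, not part of the original post and not code from either tool.
The sample text is copied from the logs above; the grouping, the
"No action taken" count and the registry checks are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the header count and five of the seven posted detections.
MBAM_SAMPLE = """\
Files Infected: 7

Files Infected:
C:\\Documents and Settings\\Owner.K-8C4C7B03488D4\\Desktop\\2FDE3B02A633D40C\\2FDE3B02A633D40C (Rootkit.Zlob) -> No action taken.
C:\\System Volume Information\\_restore{28CA1C04-1F4D-42A4-8D92-A367133BF666}\\RP35\\A0008562.exe (Adware.BHO) -> No action taken.
C:\\System Volume Information\\_restore{28CA1C04-1F4D-42A4-8D92-A367133BF666}\\RP38\\A0025971.exe (Backdoor.Agent) -> No action taken.
C:\\Documents and Settings\\Owner.K-8C4C7B03488D4\\My Documents\\My Music\\My Music.url (Trojan.Zlob) -> No action taken.
C:\\Documents and Settings\\Owner.K-8C4C7B03488D4\\Favorites\\Run Virus Scan.url (Trojan.Zlob) -> No action taken.
"""

# Constructed sample: two registry blocks copied from the posted ComboFix log.
COMBOFIX_REG_SAMPLE = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{749f4231-c886-11dd-b666-806d6172696f}]
\\Shell\\AutoRun\\command - d:\\wd_windows_tools\\WDSetup.exe
"""

# "<path> (<detection name>) -> <action>."  The greedy path group makes the
# last "(...)" before "->" the detection name even if the path contains parens.
ITEM_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.*?)\.?$")
RESTORE_PREFIX = "c:\\system volume information\\_restore"


@dataclass
class Detection:
    path: str
    name: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        # Hits inside System Restore are archived copies, not running code.
        return self.path.lower().startswith(RESTORE_PREFIX)


def parse_mbam_items(text: str) -> List[Detection]:
    """Return one Detection per '<path> (<name>) -> <action>' line."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.append(Detection(*m.groups()))
    return items


def summarize(items: List[Detection]) -> Dict[str, object]:
    """Counts by detection name, restore-point hits, and items not yet removed."""
    pending = [d.path for d in items if d.action.lower().startswith("no action taken")]
    return {
        "total": len(items),
        "by_name": Counter(d.name for d in items),
        "restore_point": sum(d.in_restore_point for d in items),
        "pending": len(pending),          # still on disk when the log was saved
        "pending_paths": pending,
    }


def combofix_review(text: str) -> List[str]:
    """Flag a disabled firewall and cached AutoRun commands in Reg Loading Points."""
    notes = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()       # start of a new registry key block
            continue
        if "firewallpolicy\\standardprofile" in key and line.startswith('"EnableFirewall"'):
            m = re.search(r"=\s*(\d+)", line)
            if m and m.group(1) == "0":
                notes.append("Windows Firewall is off for the standard profile (EnableFirewall = 0)")
        if "mountpoints2" in key and "\\autorun\\command" in line.lower():
            cmd = line.split(" - ", 1)[1] if " - " in line else line
            notes.append(f"AutoRun command cached for a mounted volume: {cmd}")
    return notes


if __name__ == "__main__":
    s = summarize(parse_mbam_items(MBAM_SAMPLE))
    print(f"{s['total']} detections, {s['pending']} not yet removed, "
          f"{s['restore_point']} inside System Restore")
    for name, n in sorted(s["by_name"].items()):
        print(f"  {n} x {name}")
    for note in combofix_review(COMBOFIX_REG_SAMPLE):
        print("  !", note)
```

A "pending" count equal to the total is exactly the situation the next reply asks about: the scan ran with nothing removed. The two ComboFix checks are there because both lines are easy to skim past in a long log; whether they need action is a judgement the helper makes, the script only makes sure they are seen.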

greyknight17
Posted: Sat Dec 27, 2008 10:09 am

Did you tell Malwarebytes' to remove all those infections it found? If not, do so now.

You may leave Sunbelt uninstalled if you want. I will prepare the removal of any remnants left behind by that software. I have free alternatives for spyware protection. Keep in mind that none of these are 100% accurate in finding and removing spyware. There is no such program. But having these programs updated and thinking twice before clicking on something can save you a lot of headache.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Driver::
sbaphd
SBAMSvc
sbapifs
SBRE
File::
c:\windows\system32\drivers\sbapifs.sys
c:\windows\system32\drivers\sbaphd.sys
c:\windows\system32\drivers\SBREdrv.sys
c:\windows\6A615007721D4063B226EA41EB6604B9.TMP
Folder::
c:\program files\Common Files\AntiVirus\

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. No need to post the new log here. It's clean.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

fireready
Posted: Sat Dec 27, 2008 3:33 pm

O.K......I copied and pasted the script into Notepad....dragged it into ComboFix.exe....it did its thing, and it would appear all is right in the universe once again.

I did remove all the malware when prompted by Malwarebytes during yesterday's session.

As for virus/spyware software....Sunbelt has everything, including the kitchen sink. As it happens, I don't really need any more kitchen appliances, so I've reverted back to an old favorite of a simpler nature.

I'll take with me a valuable lesson of being more vigilant and habitual in ensuring my machine is protected.

I can't thank you enough for all your help. I hope you have a wonderful New Year!!!

greyknight17
Posted: Sat Dec 27, 2008 8:06 pm

I hope the dinnerware will last longer now that everything is ok.

Thanks. I hope you have a Happy New Year as well.

Topic locked since issue is resolved.