Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Video lag

Post by 050085 » November 26th, 2006, 7:33 am

Hi, I have been having this problem for a long time, and I'm not sure whether it's due to malware. Could anyone help me check?

Everything functions well on my computer except video. I can play music and watch ONLY YouTube. When it comes to any other format of video, streaming or from my hard disk, CPU usage shoots to 100% and everything lags until I use Task Manager to close that program. Games don't have this problem.

Just after a fresh install a few weeks ago, I noticed Device Manager said no video controller was installed, so I went to the mainboard website to download it. The exclamation mark is gone, but that didn't solve the problem.

Task Manager also has a program crss.exe running which isn't reflected in the HijackThis log. Speaking of which, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:43 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Valve\Steam\Steam.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.ntu.edu.sg/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] F:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widget Engine.lnk = F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


For a fresh install I have absolutely no idea why the videos won't work and why crss.exe shows up (Google says it's spyware?).
Much help appreciated...
050085
Active Member
 
Posts: 12
Joined: October 24th, 2006, 1:03 am

Post by Bob4 » November 28th, 2006, 7:02 pm

_________________________________
Welcome to the Malware removal forums. I will be more than happy to help you work on your problems.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!
Please, if you decide to seek help at another forum, let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

! ! ! DO NOT SKIP THIS STEP ! ! !

You are running HJT from a temporary location.
Create a folder called HJT either in C: or My Documents and place the hijackthis.exe in there.
This will ensure we have backups made and it doesn't get deleted.

______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    (Do not use the Issues block to clean anything with this program. It is for experts only and it is risky.)


___________________________________
Download AVG Anti-Spyware.

  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.

    • At the top of the main screen click Update.

      • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates
Do not use it yet.


________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen, start tapping the F8 key until prompted with a list, then choose Safe Mode.

_________________________________________
AVG Part 2
AVG
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose quarantine

Under Reports check automatically create report after every scan.
Now back to the scan tab and click on Complete system scan

Let the program scan the machine.
When finished click apply all actions.

Exit AVG.
It will save a log in C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Reboot normally.

Post the log from AVG and a new Hijackthis log.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by 050085 » December 2nd, 2006, 12:55 pm

Hi Bob, sorry to have taken so long.
Here's my log from AVG Anti-Spyware and HijackThis.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:48:46 AM 12/3/2006

+ Scan result:

F:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe -> Adware.MediaTicket : No action taken.
F:\System Volume Information\_restore{B51D89ED-6E6D-4B9C-BCE6-FDDC663CEE45}\RP8\A0001046.exe -> Adware.MediaTicket : No action taken.
F:\Yahoo! Widget Engine\uninstall.exe -> Adware.MediaTicket : No action taken.
F:\temp\widgetsus.exe -> Adware.MediaTicket : No action taken.
F:\Visual Studio\COMMON\TOOLS\BIND.EXE -> Trojan.Small : No action taken.

::Report end

-------------------------------------------------------------
Logfile of HijackThis v1.99.1
------------------------------------------------------------
Scan saved at 12:53:55 AM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Valve\Steam\Steam.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.ntu.edu.sg/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] F:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widget Engine.lnk = F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
050085
Active Member
 
Posts: 12
Joined: October 24th, 2006, 1:03 am

Post by Bob4 » December 2nd, 2006, 6:46 pm

HJT still needs its own folder. This is important.
Create a folder called HJT either in C: or My Documents and place the hijackthis.exe in there.
This will ensure we have backups made and it doesn't get deleted.

___________________________________
Reconfigure Windows XP to show hidden files:

Click Start, then My Computer.
Select the Tools menu, then Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Do an all files search for crss.exe

Let me know if you find it and the location of it.




_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

Let me know if you found crss.exe
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
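
The two checks made by hand in this thread, comparing a process name such as crss.exe against the legitimate csrss.exe and noticing that HijackThis is running from a temp folder, can be run automatically over the "Running processes" section of a HijackThis log. This is an added example, not part of the thread or of any tool named in it; the sample log is constructed, and the list of system processes and the C:\WINDOWS install path are assumptions.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Core Windows XP processes and the folder each normally runs from.
# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
SYSTEM_PROCESSES = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}
# HijackThis entry lines start with a section code, e.g. "O4 - HKLM\..\Run: ..."
ENTRY_LINE = re.compile(r"^[A-Z]\d+ - ")

# Constructed sample in HijackThis v1.99.1 layout. The crss.exe and
# Temp\svchost.exe lines are invented for the demonstration.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\crss.exe
C:\WINDOWS\Temp\svchost.exe
F:\temp\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            # The section ends at the first blank line after the paths,
            # or at the first registry/startup entry line.
            if ENTRY_LINE.match(line) or (not line and paths):
                break
            if line:
                paths.append(line)
    return paths


def audit(log_text, max_distance=1):
    """Return (kind, path, detail) findings for the running-process list."""
    findings = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_PROCESSES:
            # Right name, wrong place: a system process outside its folder.
            if folder != SYSTEM_PROCESSES[name]:
                findings.append(("wrong-folder", path, SYSTEM_PROCESSES[name]))
            continue
        # Near miss of a system name, e.g. crss.exe vs csrss.exe.
        lookalike = next((legit for legit in SYSTEM_PROCESSES
                          if edit_distance(name, legit) <= max_distance), None)
        if lookalike:
            findings.append(("lookalike", path, lookalike))
        elif name == "hijackthis.exe" and "temp" in folder.split("\\"):
            # The helper's point: from a temp folder the tool and its
            # backups can be deleted by cleanup.
            findings.append(("tool-in-temp", path, "move to its own folder"))
    return findings


if __name__ == "__main__":
    for kind, path, detail in audit(SAMPLE_LOG):
        print(f"{kind:13} {path}  ({detail})")
```

A lookalike hit is only a reason to find the file on disk and scan it; the name alone does not establish that it is malicious.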

kaspersky log

Post by 050085 » December 7th, 2006, 6:53 pm

I can't find crss.exe... In my Task Manager it now only has csrss.exe.

Here are the Kaspersky results...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 08, 2006 6:50:28 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/12/2006
Kaspersky Anti-Virus database records: 248857
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 63467
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:09:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\chun\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\cert8.db Object is locked skipped
C:\Documents and Settings\chun\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\history.dat Object is locked skipped
C:\Documents and Settings\chun\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\key3.db Object is locked skipped
C:\Documents and Settings\chun\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\parent.lock Object is locked skipped
C:\Documents and Settings\chun\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\Working\database_5CF8_A1C5_F8A1_9E30\dfsr.db Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\Working\database_5CF8_A1C5_F8A1_9E30\fsr.log Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\Working\database_5CF8_A1C5_F8A1_9E30\fsrtmp.log Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Messenger\chunyih@hotmail.com\SharingMetadata\Working\database_5CF8_A1C5_F8A1_9E30\tmp.edb Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Windows Live Contacts\chunyih@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Microsoft\Windows Live Contacts\chunyih@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\Cache\709E6FEDd01 Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Application Data\Mozilla\Firefox\Profiles\4axopxol.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\chun\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chun\Local Settings\History\History.IE5\MSHist012006120820061209\index.dat Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\fla29.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\fla2A.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\flaE7.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DF5C4.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DF77CA.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DF7850.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DF8E7B.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DF96F1.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temp\~DFDE9.tmp Object is locked skipped
C:\Documents and Settings\chun\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chun\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\chun\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B51D89ED-6E6D-4B9C-BCE6-FDDC663CEE45}\RP39\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PINKY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT06b98.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06b9c.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\Program Files\Valve\Steam\Steam.log Object is locked skipped
F:\Program Files\Valve\Steam\steamapps\winui.gcf Object is locked skipped
F:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{B51D89ED-6E6D-4B9C-BCE6-FDDC663CEE45}\RP39\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
050085
Active Member
 
Posts: 12
Joined: October 24th, 2006, 1:03 am

Post by Bob4 » December 7th, 2006, 8:06 pm

Not finding anything yet.


Download this file - combofix.exe

and save it to your desktop.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /v vtsrq

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log


*use separate posts to ensure the logs don't get cut off!
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

ComboFix Log

Post by 050085 » December 8th, 2006, 6:26 am

chun - 06-12-08 18:22:05.76 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\chun\desktop"
Command switches used :: /v vtsrq

((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to 2006-12-08 ))))))))))))))))))))))))))))))))))


2006-12-08 01:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-08 01:24 <DIR> d-------- C:\HJT
2006-12-02 23:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-02 19:13 <DIR> dr-h----- C:\Documents and Settings\chun\Recent
2006-12-02 19:06 <DIR> d-------- C:\Program Files\CCleaner
2006-12-02 17:09 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-02 17:09 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-02 17:09 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-02 17:09 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-02 17:09 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-02 17:09 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-02 17:09 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-02 17:08 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-02 17:08 39,424 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-12-02 17:08 380,928 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2006-12-02 17:08 287,360 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2006-12-02 17:08 217,088 -ra------ C:\WINDOWS\system32\LVUI2.dll
2006-12-02 17:08 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2006-12-02 17:08 2,112 -ra------ C:\WINDOWS\system32\Repository.reg
2006-12-02 17:08 110,592 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2006-12-02 17:04 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-12-02 17:04 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-12-02 17:04 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-12-02 17:04 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-12-02 17:04 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-12-02 17:04 57,344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll
2006-12-02 17:04 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-12-02 17:04 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-12-02 17:04 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-12-02 17:04 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-12-02 17:04 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-12-02 17:04 39,936 --a------ C:\WINDOWS\system32\VxLibRes.dll
2006-12-02 17:04 327,680 --a------ C:\WINDOWS\system32\CamCplRes.dll
2006-12-02 17:04 262,144 --a------ C:\WINDOWS\system32\ElkCtrl.exe
2006-12-02 17:04 245,824 -ra------ C:\WINDOWS\system32\InstExec.exe
2006-12-02 17:04 245,824 -ra------ C:\WINDOWS\Instexec.exe
2006-12-02 17:04 152,576 --a------ C:\WINDOWS\system32\VxLib.dll
2006-12-02 17:04 135,680 --a------ C:\WINDOWS\system32\VLib.dll
2006-12-02 17:04 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2006-12-02 17:04 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-12-02 17:04 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2006-12-02 17:04 <DIR> d-------- C:\Program Files\Logitech
2006-12-02 17:04 <DIR> d-------- C:\Program Files\Common Files\Logitech
2006-11-26 08:28 352,256 --a------ C:\WINDOWS\eSellerateEngine.dll
2006-11-26 07:21 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-26 05:02 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-11-26 04:53 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-11-26 04:53 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-26 04:53 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-11-26 04:53 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-11-26 04:53 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-11-26 04:53 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2006-11-26 04:53 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-11-26 04:53 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-26 04:53 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2006-11-26 04:53 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2006-11-26 04:53 <DIR> d-------- C:\Program Files\AVSMedia
2006-11-26 04:48 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2006-11-26 02:20 <DIR> d-------- C:\Program Files\PopCap Games
2006-11-26 02:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2006-11-14 13:26 <DIR> d-------- C:\Program Files\iTunes
2006-11-14 13:26 <DIR> d-------- C:\Program Files\iPod
2006-11-14 13:25 <DIR> d-------- C:\Program Files\QuickTime
2006-11-14 13:24 <DIR> d--hs---- C:\Config.Msi
2006-11-12 23:00 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-08 10:19 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-11-08 10:19 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-08 18:19 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-08 08:00 -------- d-------- C:\Documents and Settings\chun\Application Data\AVG7
2006-12-08 07:25 -------- d---s---- C:\Documents and Settings\chun\Application Data\Microsoft
2006-12-04 09:55 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-02 23:01 -------- d-------- C:\Program Files\Grisoft
2006-12-02 17:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-02 17:04 -------- d-------- C:\Program Files\Common Files
2006-11-12 11:57 -------- d-------- C:\Documents and Settings\chun\Application Data\Adobe
2006-11-07 18:17 -------- d-------- C:\Program Files\Java
2006-11-05 20:59 -------- d-------- C:\Documents and Settings\chun\Application Data\Sun
2006-11-05 18:55 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-02 09:56 -------- d-------- C:\Program Files\EPSON
2006-10-27 16:25 -------- d-------- C:\Program Files\Common Files\Java
2006-10-27 15:32 -------- d-------- C:\Program Files\Adobe
2006-10-26 20:08 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-26 19:15 -------- d-------- C:\Documents and Settings\chun\Application Data\Apple Computer
2006-10-26 15:07 -------- d-------- C:\Documents and Settings\chun\Application Data\DivX
2006-10-26 12:45 -------- d-------- C:\Documents and Settings\chun\Application Data\AdobeUM
2006-10-26 12:17 -------- d-------- C:\Documents and Settings\chun\Application Data\Lavasoft
2006-10-26 05:55 62 --ahs---- C:\Documents and Settings\chun\Application Data\desktop.ini
2006-10-26 05:55 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-26 05:55 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-26 02:48 -------- d-------- C:\Program Files\C-Media 3D Audio
2006-10-26 02:07 -------- d-------- C:\Documents and Settings\chun\Application Data\vlc
2006-10-26 00:17 -------- d-------- C:\Documents and Settings\chun\Application Data\Miranda
2006-10-26 00:06 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-10-26 00:05 -------- d-------- C:\Program Files\Microsoft IntelliPoint 5.5
2006-10-25 23:52 -------- d-------- C:\Documents and Settings\chun\Application Data\Macromedia
2006-10-25 23:35 -------- d-------- C:\Program Files\MSN Messenger
2006-10-25 23:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-25 23:32 -------- d-------- C:\Documents and Settings\chun\Application Data\Talkback
2006-10-25 23:32 -------- d-------- C:\Documents and Settings\chun\Application Data\Mozilla
2006-10-25 22:53 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-25 22:53 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-25 22:53 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-25 22:53 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 22:26 -------- d-------- C:\Program Files\Windows Media Player
2006-10-25 22:25 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-25 22:25 -------- d-------- C:\Program Files\Movie Maker
2006-10-25 22:24 -------- d-------- C:\Program Files\Outlook Express
2006-10-25 22:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-25 22:24 -------- d-------- C:\Program Files\Internet Explorer
2006-10-25 22:24 -------- d-------- C:\Program Files\Common Files\System
2006-10-25 22:23 -------- d-------- C:\Program Files\Windows NT
2006-10-25 22:23 -------- d-------- C:\Program Files\Messenger
2006-10-25 22:09 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-25 22:09 -------- d-------- C:\Documents and Settings\chun\Application Data\Identities
2006-10-25 22:05 0 -rahs---- C:\MSDOS.SYS
2006-10-25 22:05 0 -rahs---- C:\IO.SYS
2006-10-25 22:05 0 --a------ C:\CONFIG.SYS
2006-10-25 22:05 0 --a------ C:\AUTOEXEC.BAT
2006-10-25 22:05 -------- d-------- C:\Program Files\xerox
2006-10-25 22:05 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-25 22:04 -------- d-------- C:\Program Files\Online Services
2006-10-25 22:03 -------- d-------- C:\Program Files\Common Files\Services
2006-10-25 22:03 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-25 22:02 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-25 22:02 -------- d-------- C:\Program Files\MSN
2006-10-25 22:02 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-03 03:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-03 03:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-03 03:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-03 03:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Steam"="F:\\Program Files\\Valve\\Steam\\Steam.exe -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"F:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EPSON Stylus C67 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAP.EXE /P23 \"EPSON Stylus C67 Series\" /O6 \"USB001\" /M \"Stylus C67\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\{A49CBFC8-37B8-42BA-A9F0-4D9B80A03A0C}_PINKY_chun.job

Completion time: 06-12-08 18:22:50.59
C:\ComboFix.txt ... 06-12-08 18:22
050085
Active Member
 
Posts: 12
Joined: October 24th, 2006, 1:03 am

HijackThis Log

Post by 050085 » December 8th, 2006, 6:28 am

Logfile of HijackThis v1.99.1
Scan saved at 6:24:47 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Valve\Steam\Steam.exe
F:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.ntu.edu.sg/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] F:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widget Engine.lnk = F:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Here are the 2 logs... So by your checks my computer isn't suffering from malware... then something else is causing the video to hang?
050085
Active Member
 
Posts: 12
Joined: October 24th, 2006, 1:03 am

Post by Bob4 » December 8th, 2006, 7:32 am

I really don't think your issue is malware related at this point.

Unfortunately this is leaving my area of expertise. What I would do though is this.

You say you went to the mainboard's web site for video drivers. If your video card is the onboard type (built into the motherboard), it is possible that it doesn't have enough memory to do what you're asking of it. If it isn't, I would go to the video card's web site for the latest drivers. It looks as if you have NVIDIA.
Here's the link to their driver downloads:
http://www.nvidia.com/content/drivers/drivers.asp

I would also make sure I have the latest DirectX installed.

http://www.microsoft.com/windows/directx/default.mspx


If that doesn't help, I would try to seek help from the following forums. You may tell them you had an HJT log checked here.

http://discussions.virtualdr.com/forumd ... forumid=71

http://forums.techguy.org/

http://www.5starsupport.com/ipboard/index.php

Sorry I wasn't of more help.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by Bob4 » December 14th, 2006, 2:02 pm

How did you make out?
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by NonSuch » December 24th, 2006, 6:33 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California