Slow Computer


12 replies to this topic

#1 ZeroThree

  • Members
  • 19 posts

Posted 04 November 2007 - 08:00 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:52 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\DOCUME~1\Caleb\LOCALS~1\Temp\clclean.0001
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\winlogon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1009\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Nathan')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-787581413-46320946-1481579758-1005 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Jeff')
O4 - S-1-5-21-787581413-46320946-1481579758-1005 User Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Jeff')
O4 - S-1-5-21-787581413-46320946-1481579758-1009 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Nathan')
O4 - S-1-5-21-787581413-46320946-1481579758-1009 User Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Nathan')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13570 bytes


 


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 November 2007 - 02:35 AM

Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
I don't see anything suspicious in your log.

Read here about slow computers:
Help! My computer is slow!

Also, I see that you are currently logged in with more than 1 user account at the same time - keep in mind that everything goes slower because of that as well.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ZeroThree


Posted 05 November 2007 - 01:24 PM

Thanks for replying, but every time I'm on the internet and I click a button on the web page it takes forever to go, and lately when I open programs it says I can't because a pop-up says something about win32. After a few more tries it will start to work, though.

#4 miekiemoes


Posted 05 November 2007 - 01:53 PM

Hi,

Please uninstall Trend Micro Internet Security and let me know if that solved your issue.

#5 ZeroThree


Posted 07 November 2007 - 09:29 PM

Alright, I have uninstalled it but it didn't fix the problem. Also, should I reinstall it or wait? And here's a new log if needed.


----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:07 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\DOCUME~1\Caleb\LOCALS~1\Temp\clclean.0001
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10613 bytes

#6 miekiemoes


Posted 08 November 2007 - 07:57 AM

Hi,

Wait to reinstall Trend Micro Internet Security, because it's hard to troubleshoot otherwise.
The reason why I asked you to uninstall it is because I know it may cause a huge system slowdown. The same applies to Norton, which you also have installed. In your case, Norton Ghost, which also installed the extra crud that is not needed and causes a huge slowdown as well.
So the only way to properly troubleshoot is to uninstall Norton as well. You can reinstall Trend Micro and Norton Ghost again afterwards in case they are not causing the slowdown either. But if you don't test and uninstall, we won't know exactly which program is causing this.
Can you also temporarily uninstall Ad-Aware 2007? Because that one is also known to cause a slowdown.

Then post a new HijackThis log in your next reply.
While you don't have any protection installed in the meantime, only connect to the internet to check this site for new posts.

Once we have figured out exactly which program is causing this, I can give you an alternative instead.

Edited by miekiemoes, 08 November 2007 - 07:59 AM.

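The uninstall-then-rescan comparison requested in the reply above can be done mechanically. The following is an added example, not part of the original thread or of any BleepingComputer or HijackThis tooling: it parses two HijackThis logs, reports which processes and entries disappeared or appeared between scans, and lists other accounts whose HKUS registry hives were loaded at scan time. The sample logs are abridged from the 11/4 and 11/7 logs posted in this thread; all function names are assumptions.

```python
import re

# HijackThis prefixes each finding with a section code, e.g. "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autoruns read from another account's hive under HKEY_USERS (real user SIDs
# start with S-1-5-21-); HijackThis appends the account name as (User 'name').
HKUS_RE = re.compile(r"^HKUS\\S-1-5-21-[\d-]+\\.*\(User '([^']+)'\)$")

# Abridged excerpt of the 11/4/2007 log posted in this thread.
BEFORE = r'''
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:52 PM, on 11/4/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1005\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Jeff')
O4 - HKUS\S-1-5-21-787581413-46320946-1481579758-1009\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Nathan')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
'''

# Abridged excerpt of the 11/7/2007 log posted in this thread.
AFTER = r'''
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:07 PM, on 11/7/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
'''


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes:
            if line:
                processes.append(line)
            elif processes:
                in_processes = False  # a blank line ends the process list
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Return what was removed and added between two scans, per log section."""
    old, new = parse_hjt(before), parse_hjt(after)
    old["entries"] = [f"{code} - {body}" for code, body in old["entries"]]
    new["entries"] = [f"{code} - {body}" for code, body in new["entries"]]
    result = {}
    for field in ("processes", "entries"):
        # Windows paths are case-insensitive: the two logs record the same
        # isuspm.exe autorun as "c:\Program Files" and "C:\Program Files".
        old_items = {item.casefold(): item for item in old[field]}
        new_items = {item.casefold(): item for item in new[field]}
        result[field] = {
            "removed": sorted(v for k, v in old_items.items() if k not in new_items),
            "added": sorted(v for k, v in new_items.items() if k not in old_items),
        }
    return result


def other_users(text):
    """Names of accounts whose HKUS hives show up in the log's O4 entries."""
    names = set()
    for code, body in parse_hjt(text)["entries"]:
        match = HKUS_RE.match(body)
        if code == "O4" and match:
            names.add(match.group(1))
    return sorted(names)


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for field, delta in changes.items():
        for kind in ("removed", "added"):
            for item in delta[kind]:
                print(f"{field:9} {kind:7} {item}")
    print("other loaded accounts before:", other_users(BEFORE))
    print("other loaded accounts after: ", other_users(AFTER))
```

Comparing case-insensitively matters here: without it the InstallShield autorun would be reported as both removed and added, hiding the real changes.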

#7 ZeroThree


Posted 08 November 2007 - 04:38 PM

Okay, I got the new log and uninstalled everything. Opening programs seems to work fine now without any pop-ups, but the stall on the internet is still occurring.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:24 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
C:\DOCUME~1\Caleb\LOCALS~1\Temp\clclean.0001
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9289 bytes

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 08 November 2007 - 05:48 PM

Hi,

okay, i got the new log and uninstalled everything, opening programs seems to work fine now

Good there's already an improvement.
Guess your Norton was the main problem for the opening of programs.
Since you don't have any security present now, I suggest you install Avira as an Antivirus: http://www.free-av.com/
(This one is for free) and Comodo as a firewall: http://www.personalfirewall.comodo.com/ (is also for free)
This is a temporary protection while we tweak some more and improve system speed. You can still uninstall them afterwards again if you don't like it and install Trendmicro Internet Security again. But for now, do not reinstall Trendmicro Internet Security yet, because I know this one causes a system slowdown and because of that it may be difficult to troubleshoot the "slow computer issue" properly.
I know that Avira and Comodo should work smoothly as they don't require that much from your processor.

Reboot after installing Comodo and Avira.
After the Comodo install, you'll receive some alerts from programs you open, or right after reboot. This is normal, because Comodo didn't create any rules yet whether to allow or to block a program. So every time you open a program, Comodo will ask if you want to allow it or not. In that case, select yes and check the box to remember the answer, so it won't ask you again next time (unless the program has been updated). Also, don't worry about some "Hijacking application" alerts Comodo will display at the beginning... this is normal and nothing bad. Those are just some files used by other programs.

Let's also disable some unnecessary startups..

But first of all, look in software > add/remove programs and uninstall Google Updater Service if present. This is because this service is not required and may cause a delay while it checks the internet to search for updates.

Then, to disable unnecessary startups...
To do this, perform next:

Go to start > run and type: msconfig
Select the tab: Startup

There you will see all the programs starting up with windows.
Some are not needed and can also cause a system slowdown. They are not required anyway to start up with Windows.

You can always access these programs by going to your Start menu > All Programs or start them manually via the Programs folder where they are present.
You can always enable them afterwards again.

Next are not needed to start with windows:
  • ISUSPM Startup (isuspm.exe)
  • ISUSScheduler (issch.exe)
  • MMTray (mm_tray.exe)
  • SunJavaUpdateSched (jusched.exe)
  • MimBoot (mimboot.exe)
  • QuickTime Task (QTTask.exe)
  • Creative Detector (CTDetect.exe)
  • MSMSGS (msmsgs.exe)
  • DellSupport (DSAgnt.exe)
  • Adobe Reader Speed Launch.lnk (reader_sl.exe)
  • Google Updater.lnk (GoogleUpdater.exe)
The choice is yours of course which of the above ones you find necessary to start up with Windows. But in general, they are not required.

After reboot, you'll get a message that something was modified in your System Configuration. Just check the box there where it says not to display this message again.

After reboot... see if that made a difference.
Let me know. Also let me know if your internet still "stalls". Do you also have Firefox installed? This is because I want to know if this is an Internet Explorer issue or a connection issue in general.

Also do next afterwards.. this to see if there's any malware present and to get a list of all programs recently installed/modified.

* Download ComboFix from here.
**Save it to your desktop**

In case you have used Combofix before, please delete the version you have and download it again, because Combofix is being updated every day.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


* Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

That's why it is also important you let me know in your next reply since when exactly these slow down problems appeared. So I can see in your Combofix log what exact programs were installed or modified at the time your problems started, so this could give us a clue.
But imho, I think, after performing the first steps and disabling some unnecessary startups, that it will already solve your problems. The problem with opening programs is already fixed now anyway after uninstalling Norton.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
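
A triage pass over the O4 (autostart) lines of a HijackThis log like the ones in this thread, written as an added example that is not part of any post here: it parses the three O4 line shapes, marks the entries the reply above lists as not needed at startup, and flags entries whose target is unresolved (`?`) or has no full path. The function names and finding labels are made up for the example; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Entry names the helper's reply lists as not needed at startup.
OPTIONAL = {n.lower() for n in (
    "ISUSPM Startup", "ISUSScheduler", "MMTray", "SunJavaUpdateSched",
    "MimBoot", "QuickTime Task", "Creative Detector", "MSMSGS",
    "DellSupport", "Adobe Reader Speed Launch.lnk", "Google Updater.lnk",
)}

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# Registry autoruns: "O4 - <hive>\..\Run[Once]: [name] command"
REG_RE = re.compile(
    r"^O4 - (?P<loc>\S+?\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - [Global ]Startup: name.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HijackThis appends the owning account to per-user (HKUS) entries.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")


def parse_o4(line):
    """Return location, name and command for an O4 line, or None."""
    line = line.strip()
    m = REG_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return {"location": m["loc"], "name": m["name"],
            "command": USER_SUFFIX_RE.sub("", m["cmd"])}


def image_path(command):
    """Extract the program part of a command; None if the target is '?'."""
    if command == "?":
        return None
    quoted = re.match(r'^"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    # Unquoted paths may contain spaces, so cut at the first ".exe" token end.
    exe = re.match(r"^(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    if exe:
        return exe.group(1)
    return command.split()[0]


def triage(entry):
    """Attach the image and review notes to one parsed O4 entry."""
    image = image_path(entry["command"])
    notes = []
    if entry["name"].lower() in OPTIONAL:
        notes.append("optional")           # on the helper's list
    if image is None:
        notes.append("unresolved-target")  # shortcut target shown as "?"
    elif "\\" not in image:
        # Bare file name: Windows resolves it through the search path,
        # so confirm on disk which file actually runs.
        notes.append("no-full-path")
    return dict(entry, image=image, notes=notes)


def review(log_text):
    """Triage every O4 line in a log; other line types are skipped."""
    parsed = (parse_o4(line) for line in log_text.splitlines())
    return [triage(e) for e in parsed if e]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        exe = ntpath.basename(e["image"]) if e["image"] else "?"
        print(f'{e["name"]:<22} {exe:<18} {", ".join(e["notes"]) or "-"}')
```
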

#9 ZeroThree

ZeroThree
  • Topic Starter

  • Members

Posted 08 November 2007 - 06:38 PM

thanks so far but the stall after clicking buttons on the web page is still happening. btw I do use Mozilla Firefox. I've done everything, except when I was running Combofix, AntiVir kept popping up saying stuff about a trojan horse that was detected, and Combofix wouldn't continue until I denied access of the virus. Later in the scan though it popped up again and wouldn't continue to run until I moved it to quarantine, so I don't know if the log will be right. The trojan's name is TR/Inject.JT and located at local settings/temp/sixxblgy.dll. Also, I believe this started about a month ago

COMBOFIX
------------

ComboFix 07-11-08.1 - Caleb 2007-11-08 17:21:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.589 [GMT -6:00]
Running from: C:\Documents and Settings\Caleb\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Caleb\Application Data\macromedia\Flash Player\#SharedObjects\BGR2HMT6\www.broadcaster.com
C:\Documents and Settings\Caleb\Application Data\macromedia\Flash Player\#SharedObjects\BGR2HMT6\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Caleb\Application Data\macromedia\Flash Player\#SharedObjects\BGR2HMT6\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Caleb\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Caleb\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\cursors.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hb_ie_menu.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_games_icon.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_video.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sbu_icon.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\weathericon.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\cursors.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Nathan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 17:15 <DIR> d-------- C:\WINDOWS\pss
2007-11-08 17:11 <DIR> d-------- C:\Documents and Settings\Caleb\Application Data\Comodo
2007-11-08 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-08 17:08 <DIR> d-------- C:\Program Files\Comodo
2007-11-08 17:07 <DIR> d-------- C:\Program Files\Avira
2007-11-08 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-18 20:32 <DIR> d-------- C:\Program Files\Apophysis 2.0
2007-10-10 19:26 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 23:18 --------- d-----w C:\Program Files\Google
2007-11-08 21:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 02:17 --------- d-s---w C:\Program Files\Xfire
2007-11-08 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-08 00:52 --------- d-----w C:\Program Files\mIRC
2007-11-08 00:34 --------- d-----w C:\Documents and Settings\Nathan\Application Data\Xfire
2007-11-06 16:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Xfire
2007-11-05 00:57 --------- d-----w C:\Program Files\Blubster
2007-11-03 20:47 --------- d-----w C:\Program Files\Warcraft III
2007-10-31 02:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 00:13 --------- d-----w C:\Program Files\clubpenguinfans
2007-10-19 18:15 --------- d-----w C:\Program Files\Trend Micro
2007-10-13 13:06 --------- d-----w C:\Program Files\Cheat Engine
2007-10-08 00:43 --------- d-----w C:\Program Files\Viewpoint
2007-09-15 21:49 --------- d-----w C:\Program Files\WC3Banlist
2007-09-15 21:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-09-15 21:48 --------- d-----w C:\Documents and Settings\Jeff\Application Data\SUPERAntiSpyware.com
2007-09-15 21:46 --------- d-----w C:\Program Files\ESPNMotion
2007-09-15 21:17 --------- d-----w C:\Documents and Settings\Nathan\Application Data\Lavasoft
2007-09-15 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-11 16:15 228,676 ----a-w C:\WINDOWS\Blubster_Toolbar_Uninstaller_1625.exe
2006-09-10 18:49 630,784 ----a-w C:\Documents and Settings\Nathan\chatlnk.exe
2007-01-19 15:45:10 88 --sh--r C:\WINDOWS\system32\11EDD334D8.sys
2007-07-24 17:40:07 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 00:54 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42]
"FLMOFFICE4DMOUSE"="C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe" [2007-02-14 15:24]
"OFFICEKB"="C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe" [2007-02-14 15:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-08 17:08]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-08 17:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 09:40 C:\WINDOWS\MIDIDEF.EXE]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-10-24 16:13:12]

C:\Documents and Settings\Nathan\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-10-24 16:13:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 17:21:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 17:11:12]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2006-11-18 10:03:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-06 03:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-11-19 01:11:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152742272.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-08 23:18:49 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-01 12:03:25 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 17:25:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 17:26:15
.
--- E O F ---








HIJACKTHIS
--------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:42 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7839 bytes




Combofix didn't ask me to restart the computer either, but after it was done Internet Explorer magically appeared on my desktop






EDIT: After IE appeared I tested it out and the web page stalls don't happen on it, so maybe this is a Firefox problem? Should I try reinstalling Firefox?

Edited by ZeroThree, 08 November 2007 - 06:43 PM.


#10 miekiemoes

  • Malware Response Team

Posted 08 November 2007 - 07:13 PM

Hi,

I see Combofix deleted some leftovers. Don't worry about the Avira alert and Combofix.. because I know Avira may detect Combofix and parts of it as suspicious. That's why I also posted in my previous instructions to disable your Avira in case it displays an alert while running Combofix.
Anyway, the log was OK.. and I can't see anything strange anymore in it, except for the files Combofix already removed.
I do see you have Blubster installed. I do not recommend this one since it's bundled with adware. Look here for the P2P programs which are unsafe and safe to use: http://p2p.malwareremoval.com/

"Combofix didn't ask me to restart the computer either, but after it was done Internet Explorer magically appeared on my desktop"

Yes, Combofix recreates the default Internet Explorer shortcut on your desktop again.

"EDIT: After IE appeared I tested it out and the web page stalls don't happen on it, so maybe this is a Firefox problem? Should I try reinstalling Firefox?"

Ok, so now we know that this only happens in Firefox - a Firefox issue.
It could be because of the latest Firefox update, since I have seen people complaining about that as well - or it could be because of one of your extensions installed which won't work properly and causes your Firefox to stall.
First of all, clean your Firefox cache..

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
See if that may solve your problem.

If not...

I don't know if only reinstalling Firefox will solve your problem though... This is because Firefox also creates a folder under your user account, in this case C:\Documents and Settings\Caleb\Application Data\Mozilla\Firefox
This folder contains your bookmarks, themes installed and extensions installed. In case you reinstall Firefox, it will reload everything again present in that folder. This means, in case you do have indeed a corrupted extension or anything else present in there, it will be reloaded again after a reinstall and your problem will remain.
So try first and reinstall Firefox and see if that solves the problem.

If not... then I would try a clean install of Firefox. This means, uninstall Firefox, back up the bookmarks.html present in your C:\Documents and Settings\Caleb\Application Data\Mozilla\Firefox\Userprofiles\(name of profile) - folder
Then delete the following folders after the uninstall:
C:\Documents and Settings\Caleb\Application Data\Mozilla\Firefox
C:\Program Files\Mozilla Firefox

Then reinstall Firefox again and replace the bookmarks.html you backed up previously. You'll have to overwrite the new bookmarks.html there with the one you have backed up previously, so you'll still have your bookmarks again.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 ZeroThree


Posted 08 November 2007 - 07:39 PM

Thank you very much, the last choice you gave me worked :thumbsup:

May I reinstall Trend now?
Also, would you recommend keeping AntiVir and Comodo?

#12 miekiemoes


Posted 09 November 2007 - 02:19 AM

Hi,

If you want to reinstall Trend again, you should uninstall Avira and Comodo, since more than 1 Antivirus and Firewall are not compatible with each other and may cause a lot of problems and a serious system slowdown. And since Trendmicro already contains a Firewall as well, that's why you should uninstall Avira and Comodo first before you reinstall Trendmicro.

In case, after you reinstalled Trendmicro and you notice the same slowdown issues again as you had before, well, in that case, you can still uninstall it once again and install Avira or Comodo again.

And glad I could help :thumbsup:

Edited by miekiemoes, 09 November 2007 - 02:20 AM.


#13 miekiemoes


Posted 14 November 2007 - 01:16 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



