

Computer suddenly working slow after download that scanned clean.


  • This topic is locked
37 replies to this topic

#1 noname231

noname231

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:53 AM

Posted 27 March 2009 - 11:37 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:00, on 3/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fern\Desktop\New Folder\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6500 bytes


My anti virus just picked up this


Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.

Thought I should post this just in case.

Edited by noname231, 28 March 2009 - 06:28 AM.
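The HijackThis log above is plain text with one entry per line, so the first pass a helper does (looking for registrations with no file behind them, unnamed browser helper objects, URLSearchHooks, AppInit_DLLs and services with no publisher) can be written down. The following is an added example in Python, not code from this thread, from Trend Micro or from HijackThis; the flagging rules are this editor's own triage heuristics and the sample lines are constructed, modelled on the entries in the log above. A hit only means "look at this next", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input in Trend Micro HijackThis v2 line format (added example,
# not from the thread). Entries are modelled on the kinds seen in the log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

# A log line is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [...]".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# COM class id in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str                               # e.g. "O2", "O4", "O20"
    body: str                                  # everything after "<section> - "
    clsid: Optional[str]                       # first CLSID on the line, if any
    findings: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis-style lines into Entry objects; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body, clsid.group(0) if clsid else None))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) an analyst would want to look at this entry first."""
    reasons = []
    body = entry.body
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned registration: the registry points at a file that no longer exists")
    if entry.section in ("O2", "O3") and "(no name)" in body:
        reasons.append("unnamed browser helper object / toolbar")
    if entry.section == "R3":
        reasons.append("URLSearchHook: can redirect browser searches; confirm the publisher")
    if entry.section == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll; confirm the publisher")
    if entry.section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher information")
    return reasons


def flagged(text: str) -> List[Entry]:
    """Parse the log and return only the entries that produced at least one finding."""
    out = []
    for e in parse_log(text):
        e.findings = triage(e)
        if e.findings:
            out.append(e)
    return out


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for r in e.findings:
            print(f"    -> {r}")
```

On the constructed sample this flags four of the nine lines (the R3 search hook, the nameless O2 BHO with no file, the O20 AppInit_DLLs entry and the O23 service with a missing file and unknown owner) and leaves the Adobe, Ask, Hosts and O4 Run entries alone. The next step for each hit is the one the helpers take by hand: check who published the file and whether it belongs to software the user installed.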




#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:53 AM

Posted 05 April 2009 - 04:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 noname231

noname231
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:53 AM

Posted 06 April 2009 - 10:59 AM

I'm still having an issue with the PC running slow for no reason that I can tell. It also comes up saying RunDll.exe could not be started after every boot up. So I'm still having the same issues.

As for the logs here they are.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2008 17:10:33
System Uptime: 4/6/2009 11:42:33 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5N72-T PREMIUM
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2834/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 368.675 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A3\3&2411E6FE&0&88
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A3\3&2411E6FE&0&88
Service: NVENETFD

==== System Restore Points ===================

RP182: 3/15/2009 20:54:19 - Scheduled Checkpoint
RP183: 3/16/2009 20:19:50 - Scheduled Checkpoint
RP184: 3/17/2009 06:03:21 - Windows Update
RP185: 3/18/2009 00:08:16 - Windows Update
RP186: 3/19/2009 06:29:45 - Scheduled Checkpoint
RP187: 3/19/2009 13:00:18 - Windows Update
RP188: 3/20/2009 22:36:06 - Scheduled Checkpoint
RP189: 3/20/2009 23:17:21 - Device Driver Package Install: COMODO Network Service
RP190: 3/22/2009 00:20:33 - Scheduled Checkpoint
RP191: 3/23/2009 03:13:45 - Scheduled Checkpoint
RP192: 3/23/2009 19:14:25 - Windows Update
RP193: 3/25/2009 00:50:40 - Scheduled Checkpoint
RP194: 3/25/2009 06:18:02 - Installed Java™ 6 Update 13
RP195: 3/26/2009 02:14:56 - Scheduled Checkpoint
RP196: 3/27/2009 08:30:37 - Windows Update
RP198: 3/27/2009 10:28:07 - Installed FEARCombat
RP200: 3/27/2009 10:31:17 - Installed DirectX 9.0
RP202: 3/27/2009 10:59:27 - Removed FEARCombat
RP203: 3/28/2009 00:00:08 - Scheduled Checkpoint
RP204: 3/29/2009 10:34:18 - Scheduled Checkpoint
RP205: 3/29/2009 13:15:51 - Restore Operation
RP206: 3/29/2009 13:22:02 - Windows Update
RP207: 3/29/2009 13:23:22 - Restore Operation
RP208: 3/29/2009 13:55:36 - Device Driver Package Install: PCTools Network adapters
RP209: 3/29/2009 14:19:10 - Installed Java™ 6 Update 13
RP210: 3/29/2009 14:26:14 - Device Driver Package Install: COMODO Network Service
RP211: 3/30/2009 12:56:05 - Scheduled Checkpoint
RP212: 3/31/2009 19:23:41 - Scheduled Checkpoint
RP213: 4/1/2009 12:50:28 - Scheduled Checkpoint
RP214: 4/2/2009 02:55:27 - Scheduled Checkpoint
RP215: 4/2/2009 14:57:28 - Scheduled Checkpoint
RP216: 4/3/2009 12:21:02 - Scheduled Checkpoint
RP217: 4/4/2009 23:30:17 - Scheduled Checkpoint
RP218: 4/5/2009 12:41:26 - Scheduled Checkpoint
RP219: 4/6/2009 00:49:59 - Scheduled Checkpoint

==== Installed Programs ======================

2MOONS
a-squared Free 4.0
AAC Decoder
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Advanced SystemCare 3
Apple Software Update
Ask Toolbar
AutoUpdate
BitDefender Free Edition v10
BitTorrent
Canon MP Navigator EX 1.0
Canon MX300 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cheat Engine 5.4
COMODO Internet Security
COMODO SafeSurf
Content Transfer
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Dofus 1.26.0
Far Cry 2
FrostWire 4.17.2
Full Tilt Poker
H.264 Decoder
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java™ 6 Update 12
LightScribe System Software 1.14.17.1
Media Manager for WALKMAN 1.2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
Pivot Software
PIXMA Extended Survey Program
PunkBuster Services
QuickTime
SDK
Search Settings 1.2
Smart Defrag 1.11
SoundMAX
System Requirements Lab
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
WarRock
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

3/30/2009 00:28:41, Error: Service Control Manager [7000] - The bdfdll service failed to start due to the following error: The system cannot find the file specified.
3/30/2009 00:28:41, Error: Service Control Manager [7000] - The BDFsDrv service failed to start due to the following error: The system cannot find the file specified.
3/30/2009 00:28:41, Error: Service Control Manager [7000] - The BDRsDrv service failed to start due to the following error: The system cannot find the file specified.
3/30/2009 08:08:31, Error: volmgr [46] - Crash dump initialization failed!
3/30/2009 08:10:24, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/30/2009 19:15:39, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user Fern-PC\Fern SID (S-1-5-21-2188174531-27363812-3535404201-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/2/2009 01:58:04, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



DDS (Ver_09-03-16.01) - NTFSx86
Run by Fern at 11:49:18.49 on Mon 04/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1957 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fern\Downloads\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundTray] c:\program files\analog devices\soundmax\SoundTray.exe
mRun: [BDMCon] "c:\program files\softwin\bitdefender10\bdmcon.exe" /reg
mRun: [BDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [DT ACR] c:\program files\acer display\edisplay management\DTHtml.exe -startup_folder
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
AppInit_DLLs: c:\windows\system32\cssdll32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fern\appdata\roaming\mozilla\firefox\profiles\trrei56i.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\fern\program files\dna\plugins\npbtdna.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-29 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-29 28688]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-03-29 14:26 253,688 a------- c:\windows\system32\cssdll32.dll
2009-03-29 14:25 155,384 a------- c:\windows\system32\guard32.dll
2009-03-29 14:25 108,560 a------- c:\windows\system32\drivers\cmdguard.sys
2009-03-29 14:25 28,688 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-03-28 05:35 <DIR> --d----- c:\users\fern\appdata\roaming\Malwarebytes
2009-03-28 05:34 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-28 05:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 05:34 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-27 10:28 <DIR> --d----- c:\program files\Sierra
2009-03-20 23:17 <DIR> --d----- c:\program files\AskBarDis
2009-03-20 23:16 <DIR> --d----- c:\programdata\Comodo
2009-03-20 23:16 <DIR> --d----- c:\progra~2\Comodo
2009-03-20 23:16 <DIR> --d----- c:\program files\COMODO
2009-03-20 18:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-18 00:12 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-18 00:12 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-18 00:12 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-18 00:12 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-18 00:12 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-18 00:12 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-18 00:12 11,264 a------- c:\windows\system32\icardres.dll
2009-03-18 00:12 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-18 00:08 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-18 00:08 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-18 00:08 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-18 00:08 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-18 00:08 83,968 a------- c:\windows\system32\mscories.dll
2009-03-10 22:07 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-10 22:07 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-10 22:07 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-10 22:07 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-10 22:06 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-10 22:06 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 03:56 3,117,818 a------- c:\windows\system32\GameMon.des
2009-03-10 03:50 <DIR> --d----- c:\program files\Acclaim
2009-03-10 03:12 3,702 a------- c:\windows\system32\tmp.reg
2009-03-10 03:12 691 a------- c:\users\fern\appdata\roaming\GetValue.vbs
2009-03-10 03:12 35 a------- c:\users\fern\appdata\roaming\SetValue.bat
2009-03-08 19:40 <DIR> --d----- c:\users\fern\appdata\roaming\IObit
2009-03-08 19:40 <DIR> --d----- c:\program files\IObit

==================== Find3M ====================

2009-04-06 11:48 81,984 a------- c:\windows\system32\bdod.bin
2009-03-29 14:26 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-29 14:26 86,016 a------- c:\windows\inf\infstor.dat
2009-03-29 14:26 51,200 a------- c:\windows\inf\infpub.dat
2009-03-08 00:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-14 19:02 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-13 21:30 201,816 a------- c:\windows\system32\PnkBstrB.exe
2009-02-05 11:54 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-21 19:38 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-22 17:51 22,328 a------- c:\users\fern\appdata\roaming\PnkBstrK.sys
2008-12-19 11:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:49:30.36 ===============

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:05:53 AM

Posted 06 April 2009 - 11:12 AM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Then test out your browser and let me know how it runs. Also post a new HijackThis log.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 noname231 (Topic Starter)

Posted 06 April 2009 - 09:23 PM

I haven't done anything but what I was informed to do. My antivirus did detect something, as I mentioned in post 1. I ran CCleaner as you mentioned.

Here's the MBAM scan:

Malwarebytes' Anti-Malware 1.36
Database version: 1946
Windows 6.0.6001 Service Pack 1

4/6/2009 22:21:31
mbam-log-2009-04-06 (22-21-31).txt

Scan type: Quick Scan
Objects scanned: 58774
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:51, on 4/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Fern\AppData\Local\Temp\Rar$EX00.899\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6151 bytes
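As an added example (not part of the thread and not HijackThis' own code), here is a small Python triage script for the log format above: it parses the O2/O3/O4/O20/O23 lines into records and flags the entries a reviewer looks at first, such as the AppInit_DLLs entry and the GameGuard service whose binary is reported missing. The sample input is copied from the log above plus one constructed HKCU autorun line; the USER_WRITABLE directory list and the flag wording are assumptions of this example. Flags are review prompts, not verdicts: the ComboFix listing later in the thread dates cssdll32.dll to the same minute as the COMODO driver files, so that entry still has to be checked against the product rather than treated as malicious.

```python
"""Triage helper for HijackThis v2.0.x log lines.

Added example, not part of the thread and not HijackThis' own code. It parses
the O2/O3/O4/O20/O23 lines into records and flags the ones a log reviewer
looks at first: entries pointing at missing files, AppInit_DLLs injections,
services with no recorded publisher, and autoruns from user-writable paths.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log in the thread above,
# plus one made-up HKCU autorun (the last line) so the user-path rule has input.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O4 - HKCU\..\Run: [example-constructed] C:\Users\Fern\AppData\Local\Temp\updater.exe
""".strip()

# Every HijackThis entry starts with a section tag: R0..R3, F0..F3, O1..O24.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Assumed list of directories an autorun entry should normally not launch from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Entry:
    kind: str                 # section tag, e.g. "O4" or "O23"
    body: str                 # everything after "O4 - "
    path: Optional[str]       # best-effort target path the entry points at
    flags: List[str] = field(default_factory=list)


def extract_path(kind: str, body: str) -> Optional[str]:
    """Pull the target path out of the section-specific layouts."""
    if kind in ("O2", "O3", "O23"):
        # "... - <path>": the target is the last " - " separated field.
        return body.rsplit(" - ", 1)[-1]
    if kind == "O4" and "] " in body:
        # "HKLM\..\Run: [Name] <command line>"
        return body.split("] ", 1)[1]
    if kind == "O20" and ": " in body:
        # "AppInit_DLLs: <dll list>"
        return body.split(": ", 1)[1]
    return None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    return Entry(kind, body, extract_path(kind, body))


def flag(entry: Entry) -> Entry:
    """Attach review prompts to an entry; an unflagged entry is simply unreviewed."""
    low = (entry.path or "").lower()
    if "(no file)" in entry.body or "(file missing)" in entry.body:
        entry.flags.append("dangling: registry entry points at a file that is gone")
    if entry.kind == "O20":
        entry.flags.append("AppInit_DLLs: DLL loaded into every process that uses user32.dll; verify the publisher")
    if entry.kind == "O23" and "Unknown owner" in entry.body:
        entry.flags.append("service binary with no recorded publisher; verify on disk")
    if entry.kind == "O4" and any(d in low for d in USER_WRITABLE):
        entry.flags.append("autorun from a user-writable directory")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse a log and return only the entries that picked up at least one flag."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    return [e for e in map(flag, entries) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.path}")
        for f in e.flags:
            print(f"      -> {f}")
```

Run it against a full HijackThis log by reading the file and passing its text to `triage`; the unflagged lines still deserve a look, the script only orders the queue.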

#6 Hoov (Malware Response Team, Mikado Michigan)

Posted 06 April 2009 - 09:55 PM

* Anyone other than the originator of this thread, you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#7 noname231 (Topic Starter)

Posted 07 April 2009 - 12:52 PM

ComboFix 09-04-04.01 - Fern 2009-04-07 13:44:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2057 [GMT -4:00]
Running from: c:\users\Fern\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\CNCFLcAR.DLL
c:\windows\system32\CNCFLcCN.DLL
c:\windows\system32\CNCFLcCZ.DLL
c:\windows\system32\CNCFLcDE.DLL
c:\windows\system32\CNCFLcDK.DLL
c:\windows\system32\CNCFLcES.DLL
c:\windows\system32\CNCFLcFI.DLL
c:\windows\system32\CNCFLcFR.DLL
c:\windows\system32\CNCFLcGR.DLL
c:\windows\system32\CNCFLcHU.DLL
c:\windows\system32\CNCFLcID.DLL
c:\windows\system32\CNCFLcIT.DLL
c:\windows\system32\CNCFLcKR.DLL
c:\windows\system32\CNCFLcNL.DLL
c:\windows\system32\CNCFLcNO.DLL
c:\windows\system32\CNCFLcPL.DLL
c:\windows\system32\CNCFLcPT.DLL
c:\windows\system32\CNCFLcRU.DLL
c:\windows\system32\CNCFLcSE.DLL
c:\windows\system32\CNCFLcTH.DLL
c:\windows\system32\CNCFLcTR.DLL
c:\windows\system32\CNCFLcTW.DLL
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-06 22:18 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-06 22:18 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-29 14:26 . 2009-03-29 14:26 253,688 --a------ c:\windows\System32\cssdll32.dll
2009-03-29 14:25 . 2009-03-29 14:25 155,384 --a------ c:\windows\System32\guard32.dll
2009-03-29 14:25 . 2009-03-29 14:25 108,560 --a------ c:\windows\System32\drivers\cmdguard.sys
2009-03-29 14:25 . 2009-03-29 14:25 28,688 --a------ c:\windows\System32\drivers\cmdhlp.sys
2009-03-28 05:35 . 2009-03-28 05:35 <DIR> d-------- c:\users\Fern\AppData\Roaming\Malwarebytes
2009-03-28 05:34 . 2009-03-28 05:34 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-28 05:34 . 2009-03-28 05:34 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-28 05:34 . 2009-04-06 22:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 10:28 . 2009-03-27 10:59 <DIR> d-------- c:\program files\Sierra
2009-03-20 23:17 . 2009-03-29 14:26 <DIR> d-------- c:\program files\AskBarDis
2009-03-20 23:16 . 2009-03-29 14:42 <DIR> d-------- c:\users\All Users\Comodo
2009-03-20 23:16 . 2009-03-29 14:42 <DIR> d-------- c:\programdata\Comodo
2009-03-20 23:16 . 2009-03-29 14:26 <DIR> d-------- c:\program files\COMODO
2009-03-20 18:25 . 2009-03-20 18:25 41,808 --a------ c:\windows\System32\xfcodec.dll
2009-03-18 00:12 . 2008-06-19 21:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-18 00:12 . 2008-06-19 21:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-18 00:12 . 2008-06-19 21:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-18 00:12 . 2008-06-19 21:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-18 00:12 . 2008-06-19 21:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-18 00:12 . 2008-06-19 21:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-18 00:12 . 2008-06-19 21:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-18 00:12 . 2008-06-19 21:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-18 00:08 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-18 00:08 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-18 00:08 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-18 00:08 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-18 00:08 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-10 22:07 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 22:07 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 22:07 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 22:07 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 22:06 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 22:06 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 03:56 . 2009-02-24 17:13 3,117,818 --a------ c:\windows\System32\GameMon.des
2009-03-10 03:50 . 2009-03-10 03:50 <DIR> d-------- c:\program files\Acclaim
2009-03-10 03:12 . 2009-03-10 03:14 691 --a------ c:\users\Fern\AppData\Roaming\GetValue.vbs
2009-03-10 03:12 . 2009-03-10 03:14 35 --a------ c:\users\Fern\AppData\Roaming\SetValue.bat
2009-03-10 03:05 . 2009-03-10 03:05 <DIR> d-------- c:\windows\System32\SmitfraudFix
2009-03-08 19:40 . 2009-03-08 20:14 <DIR> d-------- c:\users\Fern\AppData\Roaming\IObit
2009-03-08 19:40 . 2009-03-08 19:49 <DIR> d-------- c:\program files\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 17:44 81,984 ----a-w c:\windows\System32\bdod.bin
2009-04-07 01:58 --------- d-----w c:\program files\Cheat Engine
2009-04-05 19:29 --------- d-----w c:\users\Fern\AppData\Roaming\FrostWire
2009-04-03 16:42 --------- d-----w c:\users\Fern\AppData\Roaming\Xfire
2009-04-03 16:38 --------- d-----w c:\programdata\Xfire
2009-04-01 21:41 --------- d-----w c:\programdata\CanonIJPLM
2009-03-31 22:31 --------- d-----w c:\program files\WarRock
2009-03-31 14:08 --------- d-----w c:\program files\Xfire
2009-03-29 18:19 --------- d-----w c:\program files\Java
2009-03-29 18:12 --------- d-----w c:\program files\PC Tools Firewall Plus
2009-03-29 18:11 --------- d---a-w c:\programdata\TEMP
2009-03-29 17:45 --------- d-----w c:\program files\Pando Networks
2009-03-29 17:25 --------- d-----w c:\users\Fern\AppData\Roaming\Ventrilo
2009-03-29 17:25 --------- d-----w c:\program files\Common Files\PC Tools
2009-03-27 14:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 23:57 --------- d-----w c:\program files\SystemRequirementsLab
2009-03-17 23:56 --------- d-----w c:\users\Fern\AppData\Roaming\SystemRequirementsLab
2009-03-16 19:25 --------- d-----w c:\program files\Dofus
2009-03-11 07:03 --------- d-----w c:\program files\Windows Mail
2009-03-09 18:01 --------- d-----w c:\users\Fern\AppData\Roaming\DNA
2009-03-09 01:27 --------- d-----w c:\program files\Dealio
2009-03-08 23:47 --------- d-----w c:\users\Fern\AppData\Roaming\TeamViewer
2009-03-08 23:47 --------- d-----w c:\users\Fern\AppData\Roaming\MusicNet
2009-03-08 23:47 --------- d-----w c:\users\Fern\AppData\Roaming\BitTorrent
2009-03-08 23:47 --------- d-----w c:\program files\Full Tilt Poker
2009-03-08 04:27 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-05 22:31 --------- d-----w c:\program files\FrostWire
2009-03-05 22:25 --------- d-----w c:\programdata\3327
2009-03-02 21:48 --------- d-----w c:\users\Fern\AppData\Roaming\Canon
2009-03-02 21:41 --------- d-----w c:\program files\Canon
2009-02-28 17:17 --------- d-----w c:\programdata\NVIDIA
2009-02-28 16:31 --------- d-----w c:\program files\Common Files\CANON
2009-02-28 16:29 --------- d--h--w c:\programdata\CanonBJ
2009-02-28 16:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 16:25 --------- d--h--w c:\program files\CanonBJ
2009-02-17 02:33 --------- d-----w c:\program files\DNA
2009-02-17 02:33 --------- d-----w c:\program files\BitTorrent
2009-02-16 11:14 --------- d-----w c:\programdata\3123
2009-02-15 23:59 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-15 23:57 --------- d-----w c:\program files\Search Settings
2009-02-15 23:57 --------- d-----w c:\program files\QuickTime
2009-02-15 23:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 23:57 --------- d-----w c:\program files\a-squared Free
2009-02-15 01:40 --------- d-----w c:\program files\Blubster
2009-02-15 00:36 --------- d-----w c:\programdata\2528E
2009-02-14 23:49 --------- d-----w c:\programdata\361B5
2009-02-14 23:37 --------- d-----w c:\users\Fern\AppData\Roaming\LimeWire
2009-02-14 23:37 --------- d-----w c:\program files\LimeWire
2009-02-14 23:13 --------- d-----w c:\users\Fern\AppData\Roaming\Sony Corporation
2009-02-14 23:12 --------- d-----w c:\program files\Sony
2009-02-14 23:10 --------- d-----w c:\program files\Common Files\Sony Shared
2009-02-14 23:08 --------- d-----w c:\programdata\Apple Computer
2009-02-14 23:08 --------- d-----w c:\programdata\Apple
2009-02-14 23:08 --------- d-----w c:\program files\Apple Software Update
2009-02-14 23:02 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-14 01:30 201,816 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-10 23:14 --------- d-----w c:\program files\Garena
2009-02-05 15:54 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2009-01-21 23:38 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-12-22 21:51 22,328 ----a-w c:\users\Fern\AppData\Roaming\PnkBstrK.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"DT ACR"="c:\program files\Acer Display\eDisplay Management\DTHtml.exe" [2007-09-20 305664]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-29 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-29 1851128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D94CE91-2451-4414-9B18-04AB8E405C55}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{C60030B7-4A5F-4147-90F2-5B1071300D40}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{AFB64B7A-B4D5-4D74-8A3F-24464D0AF832}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2DA37A9A-7746-4E32-9226-972389A0A0FB}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3D7AFFEA-7D30-4DAF-84FA-41FA0A9B8FE3}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{D0FBAFFA-9752-453A-BDDA-9F9ECAF15432}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{88DF7E8B-B46B-4E14-8F08-39112EBAD5AD}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{E253BCF0-3023-43D6-A910-D152E4FFDFDE}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{8588FED9-32F7-44F2-B35E-8E2F585792E2}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EBDA6D0A-8A8F-4EE2-8DF7-31671D6874B9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{074492DA-0E58-49C1-BF52-782B0D85073B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D7C4EFCA-DCC1-47F6-A0EA-96D874FE5249}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FAE76E63-D51E-4131-89A1-4B0C27578F34}"= UDP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torque
"{62A53E43-443F-41CB-A6FE-9CB6CC026932}"= TCP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torque
"{FB9555A0-457D-4A09-9DFD-3FDDA2A36B69}"= UDP:c:\vertigogames\Game\BlackShot\Blackshot\system\BlackShot.exe:BlackShot
"{A7F2FB77-D70B-4844-84A7-2AF10F42FF2E}"= TCP:c:\vertigogames\Game\BlackShot\Blackshot\system\BlackShot.exe:BlackShot
"TCP Query User{2E821BB1-C466-4C97-82D2-85D5823FBC95}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{621ACC41-F28F-43BC-AF08-8BB22839FE15}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{03983591-5273-4DBE-8F99-343BF3A86C5C}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{957C0CD2-1C2A-4A79-A774-FFF7AF1F5BA6}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{6579BF50-B875-491D-A836-83F23CF2BDAD}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BEA77F1A-0A7A-49C6-B667-DE57091CB2E6}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{BA2B145F-45ED-4098-A854-48DC10D4534B}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{510136B7-9306-4BE7-83B7-28E4547FB046}"= UDP:c:\program files\Blubster\Blubster.exe:Blubster
"{BA8296D6-FEC9-43E1-8977-BF6365F4748C}"= TCP:c:\program files\Blubster\Blubster.exe:Blubster
"{38720CD4-E2AE-4F36-85E4-C744EC42985A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{93E3D1DE-702D-4B17-BDFD-BFF90817CD73}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{5D117E44-FEF7-4EFE-B85A-DC7C99A8B48D}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{B061361D-471E-419D-BCD7-454FF4200052}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-03-29 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-03-29 28688]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518f5628-cd50-11dd-a108-806e6f6e6963}]
\shell\AutoRun\command - D:\EBR2310.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22 14:45]

2009-04-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-04-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-08 19:49]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\users\Fern\AppData\Roaming\Mozilla\Firefox\Profiles\trrei56i.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Fern\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 13:46:07
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\cssdll32.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\cssdll32.dll
c:\windows\system32\guard32.dll
.
Completion time: 2009-04-07 13:47:58
ComboFix-quarantined-files.txt 2009-04-07 17:47:56

Pre-Run: 395,556,343,808 bytes free
Post-Run: 395,572,494,336 bytes free

280 --- E O F --- 2009-03-19 17:00:33

#8 Hoov (Malware Response Team, Mikado Michigan)

Posted 07 April 2009 - 02:08 PM

Any change?

#9 noname231 (Topic Starter)

Posted 07 April 2009 - 05:48 PM

No changes, I'm still having an issue with the PC running slow for no reason that I can tell. It also comes up saying RunDll.exe could not be started after every boot-up.

#10 Hoov (Malware Response Team, Mikado Michigan)

Posted 07 April 2009 - 06:38 PM

Right-click on the taskbar and select Task Manager. See what processes other than System Idle Process are using cycles. Tell me what processes are using more than 10% of the cycles.

I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. On the left-hand side, click on System. Then at the top click on Action, then click on Save Events As, type in system as the file name, make sure file type EVT is selected, navigate so it will save the file to your desktop, then click Save. On the left-hand side, click on Application. Then at the top click on Action, then click on Save Events As, type in application as the file name, make sure file type EVT is selected, navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.

#11 noname231 (Topic Starter)

Posted 08 April 2009 - 11:12 AM

No programs are using more than 10% of the cycles. Only Task Manager and System are coming up, between 1-3%.

I tried doing the second part that you mentioned, but I'm using Windows Vista™ Home Premium.

#12 Hoov (Malware Response Team, Mikado Michigan)

Posted 08 April 2009 - 11:53 AM

Sorry, I pasted in the wrong instructions. The instructions are the same, just save them as EVTX files instead of EVT files.

#13 noname231 (Topic Starter)

Posted 08 April 2009 - 01:47 PM

Here are the files. They don't seem to want to upload.

It stays stuck on "Uploading file" but never finishes.

I made a .zip file with both attached documents, but it still won't upload; it just stays stuck on "Uploading file" and never finishes.
The bottom info bar says: Sending request to www.bleepingcomputer.com..... then goes to Done, but nothing happens.

Edited by noname231, 08 April 2009 - 02:06 PM.


#14 Hoov (Malware Response Team, Mikado Michigan)

Posted 08 April 2009 - 04:37 PM

I have sent you a private message on what to do.

#15 noname231 (Topic Starter)

Posted 08 April 2009 - 05:24 PM

I tried attaching the files through email, but even then they would not upload. However, I was able to get it loaded onto SendSpace at a brutal rate of 1kbs, but halfway through this error kept arriving:
The network link was interrupted while negotiating a connection. Please try again. And of course, every time I retry it starts crawling, then the error pops up.

It seems something is blocking my ability to upload files, no matter what site or how. I can make inbound and outbound connections but can't get anything uploaded.
I'm using COMODO Firewall and BitDefender.

Also, I've been getting huge ping spikes while speaking on programs or playing games. My average ping is 30, then out of nowhere it will jump to 10000 and last for about 5 minutes. I contacted my ISP and they said there are no issues between the modem and the server.

This only started happening after I ran ComboFix...

Edited by noname231, 08 April 2009 - 06:15 PM.




