Computer is slow, I've tried everything


  • This topic is locked
11 replies to this topic

#1 AeroMonk

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:25 AM

Posted 21 June 2009 - 01:07 PM

My computer is running slow, but I don't know why. I also attached the "Attach.txt" file.

Here's my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:26 PM, on 6/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Stardock\Object Desktop\CursorFX\CursorFX.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Winstep\nextstart.exe
C:\Program Files\Winstep\workshelf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\mbpowertools\iReceiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Dan\Desktop\Accessories & Downloads\vkt.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NAB_Uninstall] wscript //B
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [CursorFX] C:\Program Files\Stardock\Object Desktop\CursorFX\CursorFX.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\Object Desktop\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [NextSTART] C:\Program Files\Winstep\nextstart.exe autostart
O4 - HKCU\..\Run: [WorkShelf] C:\Program Files\Winstep\workshelf.exe autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - S-1-5-18 Startup: CP36 Desktop Widget 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\CP36Widget2.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to iReceiver.lnk = C:\Program Files\mbpowertools\iReceiver.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: CP36 Desktop Widget 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\CP36Widget2.exe (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to iReceiver.lnk = C:\Program Files\mbpowertools\iReceiver.exe (User 'Default user')
O4 - .DEFAULT User Startup: Shortcut to iReceiver.exe.lnk = C:\Program Files\mbpowertools\iReceiver.exe (User 'Default user')
O4 - Startup: CP36 Desktop Widget 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\CP36Widget2.exe
O4 - Startup: Shortcut to iReceiver.lnk = C:\Program Files\mbpowertools\iReceiver.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: http://by125w.bay125.mail.live.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.stargatewars.com
O15 - Trusted Zone: http://*.stargatewars.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: CsKeyboard - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 15925 bytes








Here's my DDS.txt:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 10:28:07.90 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.windowsxlive.net
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: flashget urlcatch: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - FGCatchUrl
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [viwc] c:\windows\system32\viwc.exe
uRun: [LClock] c:\program files\lclock\LClock.exe
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [ViOrb] c:\program files\viorb\ViOrb.exe
uRun: [CursorFX] c:\program files\stardock\object desktop\cursorfx\CursorFX.exe
uRun: [CursorXP] c:\program files\stardock\object desktop\cursorxp\CursorXP.exe
uRun: [NextSTART] c:\program files\winstep\nextstart.exe autostart
uRun: [WorkShelf] c:\program files\winstep\workshelf.exe autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] c:\program files\hp\hpcoretech\hpcmpmgr.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\Ad-Watch.exe
mRun: [SysMetrix] c:\program files\sysmetrix\SysMetrix.exe
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\bootskin.exe" /StartupJobs
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [NAB_Uninstall] wscript //B
dRunOnce: [<NO NAME>] OSK.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with Rapidshare Downloader
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with Rapidshare Downloader
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes\CLSID
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ProgID
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: live.com\by125w.bay125.mail
Trusted Zone: msn.com
Trusted Zone: stargatewars.com
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://us.bookmarks.yahoo.com/YbConvFav.CAB
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccaXNGw

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\vnip95rx.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vnip95rx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-21 10:12 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 14:23 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-12 14:23 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-12 14:23 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-12 14:23 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-12 14:23 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-12 14:20 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-12 14:20 <DIR> --d----- c:\program files\Norton Internet Security
2009-06-12 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-06-12 13:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-12 13:45 <DIR> --d----- c:\program files\NortonInstaller
2009-06-12 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-10 14:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-02 15:11 <DIR> --d----- c:\program files\iPod
2009-06-02 15:10 <DIR> --d----- c:\program files\iTunes
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-20 23:04 4,848,640 a------- c:\windows\system32\logonuiX.exe
2009-06-17 06:10 50,729 a------- c:\windows\system32\nvModes.dat
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-10 01:59 3,870 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 04:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 10:26 583,168 a------- c:\windows\system32\rpcrt4.dll
1999-04-07 21:30 9,424 a------- c:\program files\access.exe
2007-06-04 16:21 8 ---shr-- c:\windows\system32\431FD52672.sys
2007-06-19 02:27 88 ---shr-- c:\windows\system32\556A6558A9.sys

============= FINISH: 10:33:35.01 ===============
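A first triage pass over logs like the two above is something a responder usually scripts rather than reads line by line. The following is an added example of mine, not code from this post, from HijackThis or from DDS: it parses a handful of lines copied from the logs above and applies my own review heuristics: BHO/toolbar entries with no file on disk, autorun commands given without an absolute path (`nwiz.exe`, `wscript //B`), Trusted Zone additions, a Winlogon Notify entry whose path ends in a directory rather than a DLL, services with no publisher, and any LSA authentication package beyond the XP default `msv1_0`. The severity labels are my own; a hit means the entry deserves a look, not that it is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and DDS logs posted
# above, one or two per section the rules below care about.
SAMPLE_LOG = r"""
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\RunOnce: [NAB_Uninstall] wscript //B
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O15 - Trusted Zone: *.stargatewars.com
O20 - Winlogon Notify: CsKeyboard - C:\WINDOWS\
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccaXNGw
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (my own labels)
    rule: str      # why the line was flagged
    line: str      # the log line itself


ABS_PATH = re.compile(r"^[A-Za-z]:\\")                  # drive-letter absolute path
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")  # "O4 - ..." style line
O4_CMD = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")  # "[name] command"


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list[Finding]:
    """Apply the review heuristics to every line; findings keep input order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # DDS "LSA:" line: on XP only msv1_0 is expected here, so anything
        # else is the highest-priority item to check.
        if line.startswith("LSA: Authentication Packages"):
            packages = line.split("=", 1)[1].split()
            extra = [p for p in packages if p.lower() != "msv1_0"]
            if extra:
                findings.append(Finding(
                    "high", "unexpected LSA authentication package(s): " + " ".join(extra), line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("low", "orphaned BHO/toolbar CLSID (no file on disk)", line))
        elif sec == "O4":
            cm = O4_CMD.search(body)
            if cm and not ABS_PATH.match(first_token(cm.group("cmd"))):
                findings.append(Finding(
                    "medium", "autorun command without an absolute path (resolved via search order)", line))
        elif sec == "O15":
            findings.append(Finding("low", "site added to IE Trusted Zone (relaxed security settings)", line))
        elif sec == "O20":
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("\\") or not ABS_PATH.match(target):
                findings.append(Finding("medium", "Winlogon Notify entry without a resolvable DLL path", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding("low", "service with no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```

Run against the sample it reports seven entries, with the LSA line as the only high-severity one; feeding it a complete HijackThis log works the same way since the parser only keys on the section prefix of each line.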


#2 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:08:25 AM

Posted 26 June 2009 - 06:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 AeroMonk

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:25 AM

Posted 28 June 2009 - 05:13 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 16:45:21.87 on Sun 06/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.windowsxlive.net
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program

files\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: flashget urlcatch: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - FGCatchUrl
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [viwc] c:\windows\system32\viwc.exe
uRun: [LClock] c:\program files\lclock\LClock.exe
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [ViOrb] c:\program files\viorb\ViOrb.exe
uRun: [CursorFX] c:\program files\stardock\object desktop\cursorfx\CursorFX.exe
uRun: [CursorXP] c:\program files\stardock\object desktop\cursorxp\CursorXP.exe
uRun: [NextSTART] c:\program files\winstep\nextstart.exe autostart
uRun: [WorkShelf] c:\program files\winstep\workshelf.exe autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] c:\program files\hp\hpcoretech\hpcmpmgr.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\Ad-Watch.exe
mRun: [SysMetrix] c:\program files\sysmetrix\SysMetrix.exe
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\bootskin.exe" /StartupJobs
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [<NO NAME>] OSK.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with Rapidshare Downloader
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with Rapidshare Downloader
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes\CLSID
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ProgID
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: live.com\by125w.bay125.mail
Trusted Zone: msn.com
Trusted Zone: stargatewars.com
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://us.bookmarks.yahoo.com/YbConvFav.CAB
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccaXNGw

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\vnip95rx.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vnip95rx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-21 10:12 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 14:23 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-12 14:23 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-12 14:23 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-12 14:23 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-12 14:23 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-12 14:20 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-12 14:20 <DIR> --d----- c:\program files\Norton Internet Security
2009-06-12 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-06-12 13:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-12 13:45 <DIR> --d----- c:\program files\NortonInstaller
2009-06-12 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-10 14:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-02 15:11 <DIR> --d----- c:\program files\iPod
2009-06-02 15:10 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-27 22:54 4,848,640 a------- c:\windows\system32\logonuiX.exe
2009-06-17 06:10 50,729 a------- c:\windows\system32\nvModes.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-10 01:59 3,870 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 04:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 10:26 583,168 a------- c:\windows\system32\rpcrt4.dll
1999-04-07 21:30 9,424 a------- c:\program files\access.exe
2007-06-04 16:21 8 ---shr-- c:\windows\system32\431FD52672.sys
2007-06-19 02:27 88 ---shr-- c:\windows\system32\556A6558A9.sys

============= FINISH: 17:07:20.54 ===============
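
As an added example (not part of the thread and not the DDS tool's own code), here is a small Python triage helper for the "Pseudo HJT Report" format in the log above. It flags the entries a helper looks at first: LSA authentication packages other than msv1_0, BHO/TB CLSIDs that resolve to "No File", a replaced Winlogon UIHost (which can be legitimate, as with Stardock LogonStudio here), and sites added to the IE Trusted Zone. The sample lines it runs on are constructed; the CLSIDs and the trailing LSA path are placeholders.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the thread or of the DDS tool. It only flags
entries for review; deciding whether an entry is malicious is still a
manual step (e.g. Stardock LogonStudio legitimately replaces UIHost).
"""
import re
from typing import Dict, List, Tuple

# Windows XP ships with msv1_0 as the only LSA authentication package;
# any extra DLL listed there is loaded into lsass.exe at boot and needs a look.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Default Windows XP logon UI host (compared case-insensitively).
DEFAULT_UIHOST = r"c:\windows\system32\logonui.exe"

# "<kind>: <rest>" as written by DDS, e.g. "BHO: ...", "TB: ...", "LSA: ...".
# Lines such as "uStart Page = ..." or "FF - prefs.js: ..." do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z ]*?):\s*(?P<rest>.*)$")


def flag_entry(line: str) -> List[str]:
    """Return the reasons one report line deserves review (empty = none)."""
    reasons: List[str] = []
    match = ENTRY_RE.match(line.strip())
    if not match:
        return reasons
    kind, rest = match.group("kind"), match.group("rest").strip()

    if kind == "LSA" and rest.startswith("Authentication Packages"):
        _, _, value = rest.partition("=")
        extra = [p for p in value.split() if p.lower() not in DEFAULT_AUTH_PACKAGES]
        if extra:
            reasons.append("non-default LSA authentication package: " + " ".join(extra))

    elif kind in ("BHO", "TB") and rest.endswith("No File"):
        # A registered CLSID whose DLL is gone: an orphan left by an uninstall or a removal.
        reasons.append(f"orphaned {kind} entry (CLSID with no backing file)")

    elif kind == "mWinlogon" and rest.lower().startswith("uihost="):
        path = rest.split("=", 1)[1].strip().lower()
        if path != DEFAULT_UIHOST:
            reasons.append("Winlogon UIHost replaced: " + path)

    elif kind == "Trusted Zone":
        # Trusted-zone sites run under relaxed IE security settings.
        reasons.append("site in IE Trusted Zone: " + rest)

    return reasons


def scan_report(text: str) -> List[Tuple[str, List[str]]]:
    """Run flag_entry over every line; keep only lines that raised a reason."""
    flagged = []
    for raw in text.splitlines():
        reasons = flag_entry(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


def summarize(flagged: List[Tuple[str, List[str]]]) -> Dict[str, int]:
    """Count flagged lines per entry kind (BHO, TB, LSA, ...)."""
    counts: Dict[str, int] = {}
    for line, _ in flagged:
        kind = ENTRY_RE.match(line).group("kind")
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample in DDS format; the CLSIDs and the trailing LSA path
# are placeholders, not values taken from any real machine.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.example.test
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
BHO: {00000000-0000-0000-0000-000000000002} - No File
TB: {00000000-0000-0000-0000-000000000003} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Trusted Zone: example.test
LSA: Authentication Packages = msv1_0 c:\windows\system32\PLACEHOLDER_DLL
"""

if __name__ == "__main__":
    for line, reasons in scan_report(SAMPLE_REPORT):
        print(line)
        for reason in reasons:
            print("    ->", reason)
    print(summarize(scan_report(SAMPLE_REPORT)))
```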

#4 Farbar
    Just Curious
  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 June 2009 - 04:53 AM

Hi AeroMonk,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name suggests. In today's world, cybercrime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.


  • You have the latest version of Java (6 update 14) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "Start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 2
    Java™ 6 Update 5
    Java™ 6 Update 6
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6 Update 1
    Junk Mail filter update


  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed, and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please include in your next reply:
  • The log of MBAM.
  • The ComboFix log.
  • Any comment or feedback about how it went.


#5 AeroMonk
  • Topic Starter
  • Members
  • 22 posts

Posted 02 July 2009 - 04:12 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 5.1.2600 Service Pack 2

7/2/2009 3:17:03 PM
mbam-log-2009-07-02 (15-17-03).txt

Scan type: Quick Scan
Objects scanned: 96751
Time elapsed: 30 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ComboFix 09-07-01.04 - Dan 07/02/2009 15:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.663 [GMT -5:00]
Running from: c:\documents and settings\Dan\Desktop\Accessories & Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
/wow section - STAGE 32A
Access is denied.
Access is denied.
Access is denied.
Access is denied.
SED: can't read temp0900: Permission denied
Access is denied.
Access is denied.
Access is denied.
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\Installer\5075303.msi
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\Drivers\dmtpqxvusbfo.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_dmtpqxvusbfo
-------\Service_dmtpqxvusbfo


((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 20:37 . 2009-06-12 19:22 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-02 19:55 . 2009-07-02 19:58 -------- d-----w- C:\32788R22FWJFW
2009-07-02 19:25 . 2009-06-12 19:22 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\NAVENG.SYS
2009-07-02 19:25 . 2009-06-12 19:22 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\NAVEX15.SYS
2009-07-02 19:25 . 2009-06-12 19:22 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\NAVEX32A.DLL
2009-07-02 19:25 . 2009-06-12 19:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\NAVENG32.DLL
2009-07-02 19:25 . 2009-06-12 19:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\EECTRL.SYS
2009-07-02 19:25 . 2009-06-12 19:22 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\ERASER.SYS
2009-07-02 19:25 . 2009-06-12 19:22 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\ECMSVR32.DLL
2009-07-02 19:25 . 2009-06-12 19:22 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\CCERASER.DLL
2009-07-02 18:42 . 2009-07-02 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-30 23:38 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-30 23:38 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 23:38 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 23:38 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 23:38 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-28 21:49 . 2009-06-28 21:49 -------- d--h--w- c:\windows\PIF
2009-06-24 16:47 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 16:47 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 16:47 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 16:47 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 16:47 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-21 15:12 . 2009-06-21 15:12 -------- d-----w- c:\program files\Trend Micro
2009-06-12 19:25 . 2009-06-12 19:22 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-12 19:23 . 2009-06-12 19:22 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-12 19:23 . 2009-06-12 19:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-12 19:23 . 2009-06-12 19:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-12 19:22 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-06-12 19:22 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-12 19:22 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-06-12 19:22 . 2009-06-12 19:22 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-12 19:22 . 2009-06-12 19:22 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-12 19:22 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-06-12 19:22 . 2009-06-12 19:22 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-12 19:20 . 2009-06-12 19:20 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-12 19:20 . 2009-06-12 19:21 -------- d-----w- c:\program files\Norton Internet Security
2009-06-12 18:53 . 2009-06-12 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-06-12 18:52 . 2009-06-12 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 18:45 . 2009-06-12 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-12 18:45 . 2009-06-12 18:45 -------- d-----w- c:\program files\NortonInstaller
2009-06-10 18:49 . 2009-06-10 18:49 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-06 05:43 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Dan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 20:51 . 2008-08-19 20:54 -------- d-----w- c:\program files\ViStart
2009-07-02 20:50 . 2004-08-04 12:00 4848640 ----a-w- c:\windows\system32\logonuiX.exe
2009-07-02 20:49 . 2008-08-21 09:48 -------- d-----w- c:\program files\SysMetrix
2009-07-02 19:39 . 2008-09-24 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 19:38 . 2008-10-28 23:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:42 . 2008-09-17 22:11 -------- d-----w- c:\program files\RegCure
2009-07-02 03:44 . 2007-06-08 05:30 -------- d-----w- c:\program files\BitComet
2009-07-02 03:42 . 2009-02-24 07:40 -------- d-----w- c:\program files\PeerGuardian2
2009-07-01 22:25 . 2007-05-28 17:08 -------- d-----w- c:\program files\Java
2009-06-28 20:38 . 2008-04-13 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-21 15:01 . 2007-05-16 01:42 -------- d-----w- c:\program files\Symantec
2009-06-17 16:27 . 2008-09-24 22:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2008-09-24 22:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 11:10 . 2007-05-15 11:36 50729 ----a-w- c:\windows\system32\nvModes.dat
2009-06-15 22:22 . 2009-04-06 23:44 -------- d-----w- c:\program files\ComfortKeys
2009-06-12 21:24 . 2007-05-16 01:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 19:22 . 2009-06-12 19:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-12 19:22 . 2009-06-12 19:23 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-12 19:20 . 2007-05-16 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-12 19:07 . 2007-05-16 01:42 -------- d-----w- c:\documents and settings\Dan\Application Data\Symantec
2009-06-12 02:01 . 2009-03-09 22:24 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-02 20:19 . 2009-06-02 20:10 -------- d-----w- c:\program files\iTunes
2009-06-02 20:11 . 2009-06-02 20:11 -------- d-----w- c:\program files\iPod
2009-06-02 20:11 . 2008-04-13 05:15 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 19:25 . 2009-06-02 19:16 -------- d-----w- c:\program files\QuickTime
2009-06-02 18:21 . 2009-06-02 18:21 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 18:36 . 2009-03-25 01:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 18:36 . 2008-04-13 05:18 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 19:46 . 2008-08-26 19:44 -------- d-----w- c:\program files\Winstep
2009-05-25 05:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-23 10:19 . 2009-03-04 01:25 -------- d-----w- c:\program files\mbpowertools
2009-05-21 16:33 . 2009-02-08 04:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 20:12 . 2007-05-15 11:11 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-10 06:59 . 2007-05-19 20:14 3870 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-04-05 11:22 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-04 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
1999-04-08 02:30 . 2008-09-25 16:12 9424 ----a-w- c:\program files\access.exe
2009-04-01 03:47 . 2008-06-19 00:26 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-06-04 21:21 . 2007-06-04 21:21 8 --sh--r- c:\windows\system32\431FD52672.sys
2007-06-19 07:27 . 2007-05-19 20:14 88 --sh--r- c:\windows\system32\556A6558A9.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"viwc"="c:\windows\system32\viwc.exe" [2007-11-30 329029]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"CursorFX"="c:\program files\Stardock\Object Desktop\CursorFX\CursorFX.exe" [2008-07-07 416768]
"CursorXP"="c:\program files\Stardock\Object Desktop\CursorXP\CursorXP.exe" [2005-01-19 128000]
"NextSTART"="c:\program files\Winstep\nextstart.exe" [2009-05-22 5327414]
"WorkShelf"="c:\program files\Winstep\workshelf.exe" [2009-05-22 10794038]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 610304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-08-12 2468200]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-26 921600]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
CP36 Desktop Widget 2.lnk - c:\program files\Stardock\Object Desktop\DesktopX\Widgets\CP36Widget2.exe [2008-10-12 754176]
Shortcut to iReceiver.lnk - c:\program files\mbpowertools\iReceiver.exe [2009-3-3 266240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Shortcut to iReceiver.exe.lnk - c:\program files\mbpowertools\iReceiver.exe [2009-3-3 266240]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Shortcut to iReceiver.exe.lnk - c:\program files\mbpowertools\iReceiver.exe [2009-3-3 266240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-28 10:03 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^CPU Temperature.lnk]
backup=c:\windows\pss\CPU Temperature.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mbpowertools\\iReceiver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16430:TCP"= 16430:TCP:BitComet 16430 TCP
"16430:UDP"= 16430:UDP:BitComet 16430 UDP
"58600:TCP"= 58600:TCP:PandoRest Listening Port
"58517:TCP"= 58517:TCP:PandoRest Listening Port
"34641:TCP"= 34641:TCP:iReceiver
"17019:TCP"= 17019:TCP:BitComet 17019 TCP(ED2K)
"17019:UDP"= 17019:UDP:BitComet 17019 UDP(ED2K)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/12/2009 2:22 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/12/2009 2:22 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/12/2009 2:22 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [6/30/2009 6:38 PM 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/12/2009 2:22 PM 115560]
R2 ntk3;ntk3;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk3.sys [9/26/2008 6:12 PM 120048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2009 2:36 AM 101936]
R3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [11/11/2003 5:20 PM 183680]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [6/9/2007 8:11 PM 17408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [3/12/2008 5:47 AM 44928]
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-06-16 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet36002003-04-11 20:25N3AM3F58C6B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 20:25]

2009-06-22 c:\windows\Tasks\Norton Internet Security - Dan - Full System Scan.job
- c:\program files\Norton Internet Security\Engine\16.5.0.135\Navw32.exe [2009-06-12 19:22]

2009-07-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-22 20:31]

2009-06-24 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-07-07 14:50]

2008-07-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-07-07 14:50]

2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{59323948-0449-4CA4-8A9F-8E2594F6A3BD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
- - - - ORPHANS REMOVED - - - -

Notify-CsKeyboard - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with Rapidshare Downloader
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with Rapidshare Downloader
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: live.com\by125w.bay125.mail
Trusted Zone: msn.com
Trusted Zone: stargatewars.com
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vnip95rx.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vnip95rx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 15:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\nview.dll
c:\program files\ViStart\MainHook.Dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Object Desktop\CursorFX\CurXP0.dll
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Stardock\OBJECT~1\DesktopX\DXWidget.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-07-02 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 21:04

Pre-Run: 1,829,859,328 bytes free
Post-Run: 1,762,516,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

353 --- E O F --- 2009-06-12 02:02
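The Reg Loading Points and firewall-policy blocks in the ComboFix log above are where a helper looks first, and the entries worth a second look are easy to miss among the Stardock and HP noise: a per-user Run entry starting c:\windows\system32\viwc.exe, Winlogon's UIHost pointing at logonuiX.exe, an AppInit_DLLs value, Security Center monitoring switched off, EnableFirewall=0 on the standard profile, and a handful of globally open inbound ports. The Python script below is an added example written for this page; it is not ComboFix code and not something Farbar or the poster ran. It parses a constructed excerpt copied from the log above and returns a review list. Each item has a plausible benign explanation visible in the same log (WindowBlinds sets AppInit_DLLs, LogonStudio replaces the logon UI, Norton registers with Security Center and supplies its own firewall), so the output is a list of things to verify, not a verdict. The registry-key constants and the ctfmon.exe allowlist are my assumptions.

```python
"""Triage an excerpt of a ComboFix 'Reg Loading Points' section.

Added example for this thread; not ComboFix code and not a verdict engine.
It only lists the entries a helper would check by hand first.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"viwc"="c:\windows\system32\viwc.exe" [2007-11-30 329029]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16430:TCP"= 16430:TCP:BitComet 16430 TCP
"58600:TCP"= 58600:TCP:PandoRest Listening Port
"""

# Registry paths as ComboFix prints them, lower-cased for matching (assumed);
# "HKLM\~" is ComboFix's own shorthand for the Services key.
HKCU_RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINDOWS_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SEC_CENTER = r"hkey_local_machine\software\microsoft\security center\monitoring"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_PORTS = FW_PROFILE + r"\globallyopenports\list"
SYSTEM32 = "c:\\windows\\system32\\"
DEFAULT_UIHOST = SYSTEM32 + "logonui.exe"
# Assumption: the only per-user Run entry Windows XP itself points at system32.
HKCU_RUN_ALLOWLIST = {SYSTEM32 + "ctfmon.exe"}

Section = List[Tuple[str, str]]


def parse_sections(log: str) -> Dict[str, Section]:
    """Map each [key] header to its (value name, value data) pairs."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def image_path(value: str) -> str:
    """Pull the file path out of '"path" [date size]' or a bare 'path'."""
    m = re.match(r'"([^"]*)"', value)
    path = m.group(1) if m else value.split(" [", 1)[0]
    return path.strip().lower()


def triage(log: str) -> List[str]:
    s = parse_sections(log)
    findings: List[str] = []
    # A per-user autostart of a binary living in system32 is unusual: system-wide
    # components register under HKLM, so the file itself should be checked first.
    for name, value in s.get(HKCU_RUN, []):
        path = image_path(value)
        if path.startswith(SYSTEM32) and path not in HKCU_RUN_ALLOWLIST:
            findings.append(f"HKCU Run '{name}' starts {path} from system32; verify the file")
    # UIHost pointing away from the stock logon UI (logon skinners do this too).
    for name, value in s.get(WINLOGON, []):
        if name.lower() == "uihost" and image_path(value) != DEFAULT_UIHOST:
            findings.append(f"Winlogon UIHost is {image_path(value)}, not the default logonui.exe")
    # AppInit_DLLs is loaded into every process that maps user32.dll.
    for name, value in s.get(WINDOWS_NT, []):
        if name.lower() == "appinit_dlls" and image_path(value):
            findings.append(f"AppInit_DLLs injects {image_path(value)} into every GUI process")
    # Security Center alerts silenced (third-party suites set this as well).
    for name, value in s.get(SEC_CENTER, []):
        if name.lower() == "disablemonitoring" and value.lower().endswith("00000001"):
            findings.append("Security Center monitoring disabled (no AV/firewall warnings)")
    # Windows Firewall off for the standard profile.
    for name, value in s.get(FW_PROFILE, []):
        if name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append("Windows Firewall disabled on the standard profile")
    # Inbound holes that survive even after the firewall is re-enabled.
    for name, value in s.get(FW_PORTS, []):
        findings.append(f"inbound {name} open to all networks ({value.split(':', 2)[-1]})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it against a real ComboFix.txt by reading the file instead of SAMPLE_LOG; the parser only needs the `[key]` / `"name"=value` layout, so the extra sections ComboFix emits are ignored rather than misread.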

#6 Farbar
  • Just Curious
  • Security Developer, 21,704 posts
  • Gender: Male
  • Location: The Netherlands

Posted 03 July 2009 - 04:11 AM

  • Click on this link--> virustotal

    Click the browse button. Copy and paste the line in bold in the open box, then click Send File.

    c:\windows\system32\viwc.exe

    If the file has been analysed before, click the Reanalyse File Now button.
    Please copy and paste the results of the scan in your next post.

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    DDS::
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: hotmail.com
    Trusted Zone: live.com
    Trusted Zone: live.com\by125w.bay125.mail
    Trusted Zone: msn.com
    Trusted Zone: stargatewars.com
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Firefox::
    FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vnip95rx.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"="http://windowsupdate.microsoft.com/"
    "Completed"=hex:01,00,00,00

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
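
Farbar's first step is to upload viwc.exe to VirusTotal and paste the text report back. The script below is an added example written for this page, not Farbar's procedure and not a VirusTotal client: it hashes a file locally (MD5, SHA-1, SHA-256, so a sample can be looked up by hash instead of uploaded), parses a report in the plain-text layout VirusTotal produced in 2009, counts which engines fired, and checks that the hashes printed in the report match the file on disk, which is the check that tells you the report is about the file you hold rather than an earlier analysis of something else with the same name. The sample bytes and the report excerpt are constructed for the example (the excerpt follows the format of the report posted later in this thread).

```python
"""Hash a file locally and read a VirusTotal plain-text report.

Added example for this thread; not Farbar's instructions and not a
VirusTotal client. Runs offline on constructed input.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample file: a stand-in for c:\windows\system32\viwc.exe.
SAMPLE_FILE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"

# Constructed excerpt in the layout of VirusTotal's 2009 text report:
# one line per engine, '-' meaning no detection, then file details.
SAMPLE_REPORT = """Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.04 -
Antiy-AVL 2.0.3.1 2009.07.03 RiskTool/Win32.PsKill.gen
AVG 8.5.0.386 2009.07.03 -
Jiangmin 11.0.706 2009.07.04 Trojan/Agent.caic
TheHacker 6.3.4.3.361 2009.07.04 Trojan/Agent2.cdb
Additional information
File size: 329029 bytes
MD5...: c4306a4d8501e9c75dba2c7372502e6d
SHA1..: d75f6f09031ab1a0c7cfff6b0b4a2fb73ebed024
SHA256: 5112a23f4cec215b074b460b26eb73e77d3d0907792a4aea3c32df43b616c36a
"""


@dataclass
class Report:
    engines: Dict[str, Optional[str]]  # engine name -> detection name or None
    hashes: Dict[str, str]             # "md5" / "sha1" / "sha256" -> hex digest
    size: Optional[int]


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of the file; enough to look it up without uploading."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_report(text: str) -> Report:
    """Split the text report into per-engine results, hashes and file size."""
    engines: Dict[str, Optional[str]] = {}
    hashes: Dict[str, str] = {}
    size: Optional[int] = None
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Antivirus "):
            in_table = True
            continue
        if line.startswith("Additional information"):
            in_table = False
            continue
        if in_table:
            parts = line.split(" ", 3)  # engine, version, update date, result
            if len(parts) == 4:
                engine, _version, _updated, result = parts
                engines[engine] = None if result == "-" else result
            continue
        m = re.match(r"(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$", line)
        if m:
            hashes[m.group(1).lower()] = m.group(2).lower()
            continue
        m = re.match(r"File size:\s*(\d+)", line)
        if m:
            size = int(m.group(1))
    return Report(engines=engines, hashes=hashes, size=size)


def summarise(report: Report, local: Optional[Dict[str, str]] = None) -> Dict[str, object]:
    """Detection count, the engines that fired, and whether the report is for the file you hold."""
    hits = {engine: name for engine, name in report.engines.items() if name}
    hash_match: Optional[bool] = None
    if local is not None:
        common = [k for k in local if k in report.hashes]
        # No overlapping algorithm is no evidence either way, so it is not a match.
        hash_match = bool(common) and all(report.hashes[k] == local[k] for k in common)
    return {
        "detections": len(hits),
        "engines": len(report.engines),
        "hits": hits,
        "hash_match": hash_match,
    }


if __name__ == "__main__":
    summary = summarise(parse_report(SAMPLE_REPORT), file_hashes(SAMPLE_FILE))
    print(f"{summary['detections']}/{summary['engines']} engines flagged it: {summary['hits']}")
    print("report matches local file:", summary["hash_match"])
```

With the constructed bytes the hash check comes back False, which is the point: a report pasted from a prior analysis of a different build of the same filename should not be read as a result for the file on this machine.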


#7 AeroMonk
  • Topic Starter
  • Members, 22 posts

Posted 04 July 2009 - 04:25 AM

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.04 -
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 RiskTool/Win32.PsKill.gen
Authentium 5.1.2.4 2009.07.03 -
Avast 4.8.1335.0 2009.07.03 -
AVG 8.5.0.386 2009.07.03 -
BitDefender 7.2 2009.07.04 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.04 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.03 -
F-Secure 8.0.14470.0 2009.07.04 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.04 -
Ikarus T3.1.1.64.0 2009.07.04 -
Jiangmin 11.0.706 2009.07.04 Trojan/Agent.caic
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.04 -
McAfee 5665 2009.07.03 -
McAfee+Artemis 5665 2009.07.03 -
McAfee-GW-Edition 6.8.5 2009.07.04 -
Microsoft 1.4803 2009.07.04 -
NOD32 4215 2009.07.04 -
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.04 -
Panda 10.0.0.14 2009.07.03 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.04 -
Rising 21.36.50.00 2009.07.04 -
Sophos 4.43.0 2009.07.04 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.04 -
TheHacker 6.3.4.3.361 2009.07.04 Trojan/Agent2.cdb
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.04 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
Additional information
File size: 329029 bytes
MD5...: c4306a4d8501e9c75dba2c7372502e6d
SHA1..: d75f6f09031ab1a0c7cfff6b0b4a2fb73ebed024
SHA256: 5112a23f4cec215b074b460b26eb73e77d3d0907792a4aea3c32df43b616c36a
ssdeep: 6144:lriGqqAJgtjjA9ig0+27IS0vbIo7TyVYDUeEr7Atrc97Ll3Qllcfj/CHCF:lN0gtjtP7l004yCDUrrkG97x3QXUbt
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x29aa
timedatestamp.....: 0x47434dcd (Tue Nov 20 21:12:45 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1fbd 0x2000 6.39 3e51b924c6df6e77d32fe7f1625b611b
.rdata 0x3000 0x88a 0xa00 4.70 09faa0f7224520b55ea1a6518175e233
.data 0x4000 0x308 0x200 2.66 dd9439a0e201f5c49947c3b7d0d02d83
.rsrc 0x5000 0x300c 0x3200 5.11 bc45639696b1fe269788edb92b7ee9f8

( 4 imports )
> KERNEL32.dll: GetCurrentProcess, GetVersionExA, OpenFile, FreeLibrary, GetProcAddress, LoadLibraryA, _lcreat, WinExec, _lopen, GetModuleFileNameA, GetModuleHandleA, GetCommandLineA, SetErrorMode, ExitProcess, _lwrite, GetLastError, lstrcatA, GlobalLock, FormatMessageA, LocalFree, lstrcpyA, GetTempPathA, GetWindowsDirectoryA, GetTempFileNameA, MulDiv, lstrlenA, _lread, _llseek, GlobalUnlock, GlobalFree, GlobalAlloc, _lclose
> USER32.dll: ExitWindowsEx, wsprintfA, CreateWindowExA, ShowWindow, SetWindowPos, UpdateWindow, SetTimer, LoadIconA, LoadCursorA, RegisterClassA, MessageBoxA, BeginPaint, DrawTextA, EndPaint, InvalidateRect, PostQuitMessage, DefWindowProcA, GetDC, ReleaseDC, GetClientRect, SendMessageA
> GDI32.dll: SetTextColor, SetBkMode, SelectObject, StretchDIBits, CreateFontA, TextOutA, RealizePalette, SelectPalette, CreatePalette, GetStockObject, DeleteObject, CreateSolidBrush, GetDeviceCaps, PatBlt
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=c4306a4d8501e9c75dba2c7372502e6d

ComboFix 09-07-01.04 - Dan 07/04/2009 3:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.571 [GMT -5:00]
Running from: c:\documents and settings\Dan\Desktop\Accessories & Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\Accessories & Downloads\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
/wow section - STAGE 32A
Access is denied.
Access is denied.


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 01:41 . 2009-06-12 19:22 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG.SYS
2009-07-04 01:41 . 2009-06-12 19:22 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX15.SYS
2009-07-04 01:41 . 2009-06-12 19:22 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX32A.DLL
2009-07-04 01:41 . 2009-06-12 19:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG32.DLL
2009-07-04 01:41 . 2009-06-12 19:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\EECTRL.SYS
2009-07-04 01:41 . 2009-06-12 19:22 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ERASER.SYS
2009-07-04 01:41 . 2009-06-12 19:22 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ECMSVR32.DLL
2009-07-04 01:41 . 2009-06-12 19:22 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\CCERASER.DLL
2009-07-03 16:27 . 2009-06-12 19:22 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-02 18:42 . 2009-07-02 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-30 23:38 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-30 23:38 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 23:38 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 23:38 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 23:38 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-28 21:49 . 2009-06-28 21:49 -------- d--h--w- c:\windows\PIF
2009-06-24 16:47 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 16:47 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 16:47 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 16:47 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 16:47 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-21 15:12 . 2009-06-21 15:12 -------- d-----w- c:\program files\Trend Micro
2009-06-12 19:25 . 2009-06-12 19:22 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-12 19:23 . 2009-06-12 19:22 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-12 19:23 . 2009-06-12 19:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-12 19:23 . 2009-06-12 19:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-12 19:22 . 2009-06-12 19:22 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-06-12 19:22 . 2009-06-12 19:22 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-12 19:22 . 2009-06-12 19:22 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-06-12 19:22 . 2009-06-12 19:22 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-12 19:22 . 2009-06-12 19:22 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-12 19:22 . 2009-06-12 19:22 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-06-12 19:22 . 2009-06-12 19:22 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-12 19:20 . 2009-06-12 19:20 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-12 19:20 . 2009-06-12 19:21 -------- d-----w- c:\program files\Norton Internet Security
2009-06-12 18:53 . 2009-06-12 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-06-12 18:52 . 2009-06-12 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 18:45 . 2009-06-12 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-12 18:45 . 2009-06-12 18:45 -------- d-----w- c:\program files\NortonInstaller
2009-06-10 18:49 . 2009-06-10 18:49 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-06 05:43 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Dan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 16:33 . 2008-08-19 20:54 -------- d-----w- c:\program files\ViStart
2009-07-03 16:32 . 2004-08-04 12:00 4848640 ----a-w- c:\windows\system32\logonuiX.exe
2009-07-03 16:31 . 2008-08-21 09:48 -------- d-----w- c:\program files\SysMetrix
2009-07-02 19:39 . 2008-09-24 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 19:38 . 2008-10-28 23:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:42 . 2008-09-17 22:11 -------- d-----w- c:\program files\RegCure
2009-07-02 03:44 . 2007-06-08 05:30 -------- d-----w- c:\program files\BitComet
2009-07-02 03:42 . 2009-02-24 07:40 -------- d-----w- c:\program files\PeerGuardian2
2009-07-01 22:25 . 2007-05-28 17:08 -------- d-----w- c:\program files\Java
2009-06-28 20:38 . 2008-04-13 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-21 15:01 . 2007-05-16 01:42 -------- d-----w- c:\program files\Symantec
2009-06-17 16:27 . 2008-09-24 22:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2008-09-24 22:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 11:10 . 2007-05-15 11:36 50729 ----a-w- c:\windows\system32\nvModes.dat
2009-06-15 22:22 . 2009-04-06 23:44 -------- d-----w- c:\program files\ComfortKeys
2009-06-12 21:24 . 2007-05-16 01:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 19:22 . 2009-06-12 19:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-12 19:22 . 2009-06-12 19:23 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-12 19:20 . 2007-05-16 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-12 19:07 . 2007-05-16 01:42 -------- d-----w- c:\documents and settings\Dan\Application Data\Symantec
2009-06-12 02:01 . 2009-03-09 22:24 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-02 20:19 . 2009-06-02 20:10 -------- d-----w- c:\program files\iTunes
2009-06-02 20:11 . 2009-06-02 20:11 -------- d-----w- c:\program files\iPod
2009-06-02 20:11 . 2008-04-13 05:15 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 19:25 . 2009-06-02 19:16 -------- d-----w- c:\program files\QuickTime
2009-06-02 18:21 . 2009-06-02 18:21 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 18:36 . 2009-03-25 01:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 18:36 . 2008-04-13 05:18 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 19:46 . 2008-08-26 19:44 -------- d-----w- c:\program files\Winstep
2009-05-25 05:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-23 10:19 . 2009-03-04 01:25 -------- d-----w- c:\program files\mbpowertools
2009-05-21 16:33 . 2009-02-08 04:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 20:12 . 2007-05-15 11:11 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-10 06:59 . 2007-05-19 20:14 3870 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-04-05 11:22 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-04 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
1999-04-08 02:30 . 2008-09-25 16:12 9424 ----a-w- c:\program files\access.exe
2009-04-01 03:47 . 2008-06-19 00:26 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-06-04 21:21 . 2007-06-04 21:21 8 --sh--r- c:\windows\system32\431FD52672.sys
2007-06-19 07:27 . 2007-05-19 20:14 88 --sh--r- c:\windows\system32\556A6558A9.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_20.47.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 16:27 . 2009-07-03 16:27 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
+ 2009-07-03 16:27 . 2009-07-03 16:27 16384 c:\windows\Temp\Perflib_Perfdata_210.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"viwc"="c:\windows\system32\viwc.exe" [2007-11-30 329029]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"CursorFX"="c:\program files\Stardock\Object Desktop\CursorFX\CursorFX.exe" [2008-07-07 416768]
"CursorXP"="c:\program files\Stardock\Object Desktop\CursorXP\CursorXP.exe" [2005-01-19 128000]
"NextSTART"="c:\program files\Winstep\nextstart.exe" [2009-05-22 5327414]
"WorkShelf"="c:\program files\Winstep\workshelf.exe" [2009-05-22 10794038]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 610304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-08-12 2468200]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-26 921600]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
CP36 Desktop Widget 2.lnk - c:\program files\Stardock\Object Desktop\DesktopX\Widgets\CP36Widget2.exe [2008-10-12 754176]
Shortcut to iReceiver.lnk - c:\program files\mbpowertools\iReceiver.exe [2009-3-3 266240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-28 10:03 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^CPU Temperature.lnk]
backup=c:\windows\pss\CPU Temperature.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mbpowertools\\iReceiver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16430:TCP"= 16430:TCP:BitComet 16430 TCP
"16430:UDP"= 16430:UDP:BitComet 16430 UDP
"58600:TCP"= 58600:TCP:PandoRest Listening Port
"58517:TCP"= 58517:TCP:PandoRest Listening Port
"34641:TCP"= 34641:TCP:iReceiver
"17019:TCP"= 17019:TCP:BitComet 17019 TCP(ED2K)
"17019:UDP"= 17019:UDP:BitComet 17019 UDP(ED2K)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/12/2009 2:22 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/12/2009 2:22 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/12/2009 2:22 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [6/30/2009 6:38 PM 276344]
R2 ntk3;ntk3;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk3.sys [9/26/2008 6:12 PM 120048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2009 2:36 AM 101936]
R3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [11/11/2003 5:20 PM 183680]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [6/9/2007 8:11 PM 17408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [3/12/2008 5:47 AM 44928]
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-06-16 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet36002003-04-11 20:25N3AM3F58C6B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 20:25]

2009-07-04 c:\windows\Tasks\Norton Internet Security - Dan - Full System Scan.job
- c:\program files\Norton Internet Security\Engine\16.5.0.135\Navw32.exe [2009-06-12 19:22]

2009-07-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-04 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-22 20:31]

2009-07-04 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-07-07 14:50]

2008-07-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-07-07 14:50]

2009-07-04 c:\windows\Tasks\User_Feed_Synchronization-{59323948-0449-4CA4-8A9F-8E2594F6A3BD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with Rapidshare Downloader
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with Rapidshare Downloader
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vnip95rx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vnip95rx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 04:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(1580)
c:\windows\system32\nview.dll
c:\program files\Stardock\Object Desktop\CursorFX\CurXP0.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-04 4:14
ComboFix-quarantined-files.txt 2009-07-04 09:13
ComboFix2.txt 2009-07-02 21:06

Pre-Run: 1,733,373,952 bytes free
Post-Run: 1,712,242,688 bytes free

289 --- E O F --- 2009-06-12 02:02

#8 Farbar

Farbar
  • Just Curious
  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 July 2009 - 04:45 AM

From now on the slowness should not be due to malware. How is your computer running?

#9 AeroMonk

AeroMonk
  • Topic Starter
  • Members
  • 22 posts

Posted 05 July 2009 - 11:02 AM

My computer seems to be still just as slow as before.

#10 Farbar

Posted 05 July 2009 - 01:45 PM

Part of the slowness could be due to automatic update features or a virus scan scheduled to run at startup. I personally set only my antivirus to update manually.
We will also do a disk check for volume errors.
Please do all the steps fully and in the order they are written.
  • I recommend you go to the Scheduled Tasks applet in Control Panel and delete all the scheduled tasks (right-click the task you want to delete, select Delete from the displayed context menu, and click Yes to confirm the deletion).

  • Run CCleaner (make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Applications tab all the boxes should be checked). Then click Run Cleaner.

  • Turn off Windows Automatic Updates, as it might lead to unexpected results at this stage:
    • Go to Start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot the computer.
  • To check the volume for errors:
    • Click Start and then My Computer.
    • Right-click the drive C and select Properties.
    • Under the Tools tab press Check Now...
    • Put a check mark in both items and press Start.
    • If you get a message, click Yes to schedule the disk check, click OK, and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours, and you don't have to sit there the whole time.
    After the disk check has finished and Windows has started:
    • Go to Start => Run => type or copy/paste eventvwr in the Run box and click OK.
    • Select the Application section.
    • Click on the Source column to sort the items alphabetically.
    • Search for the Winlogon entry that corresponds to when you ran the check disk.
    • Double-click that entry and you'll find the scan's results there; click the third button on the right, under the two arrow keys (this copies the information to the clipboard).
    • Then open Notepad, right-click in it and select Paste to paste the content of the clipboard and post it, or right-click and paste it directly into your reply.

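The same three checks the post above walks through in the GUI (scheduled tasks, the Automatic Updates setting, and the chkdsk result in the Application log), as an added PowerShell example that is not part of the thread. It assumes PowerShell 2.0 is installed on the XP machine and is run from an administrator account; the `%windir%\Tasks` folder and the `AUOptions` registry value are standard XP locations, not values taken from this log.

```powershell
# Added example (not from the thread): review the items from post #10 from an
# elevated PowerShell 2.0 prompt on Windows XP instead of clicking through the GUI.

# 1. Scheduled tasks. On XP each task is a .job file under %windir%\Tasks, which
#    is where the ComboFix log above lists the RegCure and Uniblue jobs.
function Get-XpScheduledTasks {
    $taskDir = Join-Path $env:windir 'Tasks'
    Get-ChildItem -Path $taskDir -Filter '*.job' |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime
}

# 2. Automatic Updates state. AUOptions = 1 means "Turn off Automatic Updates",
#    which is what the post asks for while the cleanup is in progress.
function Get-AutoUpdateState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    switch ($au.AUOptions) {
        1 { 'Automatic Updates: turned off' }
        2 { 'Automatic Updates: notify before download' }
        3 { 'Automatic Updates: download, notify before install' }
        4 { 'Automatic Updates: fully automatic' }
        default { 'Automatic Updates: setting not present (default applies)' }
    }
}

# 3. Disk check result. A scheduled chkdsk writes its summary to the Application
#    log with source "Winlogon"; this returns the newest such entry, the one the
#    post asks the user to locate in Event Viewer and copy into the reply.
function Get-LastChkdskResult {
    Get-EventLog -LogName Application -Newest 2000 |
        Where-Object { $_.Source -eq 'Winlogon' -and $_.Message -match 'Checking file system' } |
        Select-Object -First 1
}

"== Scheduled tasks in $env:windir\Tasks =="
Get-XpScheduledTasks | Format-Table -AutoSize
Get-AutoUpdateState
$chk = Get-LastChkdskResult
if ($chk) {
    "== Disk check logged $($chk.TimeGenerated) =="
    $chk.Message
    # Save the text so it can be pasted into the forum reply, as the post requests.
    $chk.Message | Out-File -FilePath (Join-Path $env:USERPROFILE 'Desktop\chkdsk_result.txt')
} else {
    'No Winlogon disk-check entry found in the Application log.'
}
```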

#11 Farbar

Posted 08 July 2009 - 05:45 PM

Are you still there?

#12 Farbar

Posted 11 July 2009 - 09:49 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.
