Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recent Slowness


  • This topic is locked This topic is locked
19 replies to this topic

#1 Snyder

Snyder

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 27 June 2010 - 02:28 AM

For about a month now (outside of system restore range) my computer has been very slow. Upon restarting, it's fine for about an hour and then gradually turns slower to the point where within 24 hours, I'll have to reboot. Flash nearly kills my entire computer at that point, YouTube is unbearable. I'm running Vista Home Basic x86.
I've attached 4 scans.

EDIT: Moved from Vista to Malware Removal Logs forum ~ Hamluis.

Attached Files


Edited by hamluis, 27 June 2010 - 06:32 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 02 July 2010 - 06:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 02 July 2010 - 04:07 PM

Hi Gringo,
Here are my logs.


Problems that occurred:
When I first was trying to save DeFogger to my desktop, I received a BSoD, I think it was KERNAL_PAGE_STACK_ERROR, I am not 100% sure.
My computer was forced to restart, then was fine.

When I first scanned with RKUnhooker, I received the same error that was listed here: http://www.bleepingcomputer.com/forums/t/327971/driver-irql-not-less-than-or-equal/ - This forced me to reboot of course.
I noticed the error sites "FNNETBOH.sys" (or maybe it's FNETTBOH.sys) but doing a Google search, I found this: http://www.techsupportforum.com/security-c...virus-help.html

In that forum thread, they do some work with "C:\Program Files\TurboHddUsb\TurboHddUsb.exe" - This is also present on my computer, as it was installed with this new external I bought when this problem first started occurring.


I am also experiencing this issue: http://www.bleepingcomputer.com/forums/ind...howtopic=327759

Attached Files


Edited by Snyder, 02 July 2010 - 04:09 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 02 July 2010 - 04:24 PM

Hello

Please do The following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 02 July 2010 - 04:36 PM

I've disabled NOD32 via the GUI but when running ComboFix, it still says it's active. How can I fix this?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 02 July 2010 - 04:37 PM

just keep going


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 02 July 2010 - 05:11 PM

Here is the log. My computer seems to be running just about the same as it was before.
http://rapidshare.com/files/404579555/ComboFix.txt.html

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 02 July 2010 - 05:56 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
RegNull::
[HKEY_USERS\S-1-5-21-1585551341-1056112771-599072059-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1BE13649-0428-F126-9C77-EF91517401D8}*]


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 02 July 2010 - 06:38 PM

Gringo, I seem to be experiencing that same slowness. Just for example, YouTube really bogs me down and so does Skype. It wasn't like this with this computer forever, just recently, otherwise I'd assume it was a RAM issue.
http://rapidshare.com/files/404590983/ComboFix.txt.html

Something else I've noticed is particular changes are sort of... erased when I restart my computer. For example, sometimes if I've turned my antivirus off, I'll restart and it's back on. Or, if I install a new and updated version of the program, often times I'll restart and it's been rolled back. This doesn't happen always though.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 02 July 2010 - 09:51 PM

I can't open that link at work can you try and post the log here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 03 July 2010 - 04:06 PM

I've exceeded the attachment limit, do you recommend I just post the long in quotes? Or will Pastebin work for you?

Edited by Snyder, 03 July 2010 - 04:06 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 03 July 2010 - 05:30 PM

ComboFix 10-07-01.02 - Craig 07/02/2010 19:06:25.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.847 [GMT -4:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
Command switches used :: c:\users\Craig\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 23:22 . 2010-07-02 23:23 -------- d-----w- c:\users\Craig\AppData\Local\temp
2010-07-02 23:22 . 2010-07-02 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-02 23:22 . 2010-07-02 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-26 22:51 . 2010-06-26 22:51 -------- d-----w- c:\windows\ERUNT
2010-06-26 22:36 . 2010-06-26 22:36 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-06-26 21:46 . 2010-02-26 23:51 6870864 ---ha-w- c:\users\Craig\AppData\Roaming\mjusbsp\in00000\setup.exe
2010-06-26 21:46 . 2010-02-26 23:45 743872 ---ha-w- c:\users\Craig\AppData\Roaming\mjusbsp\ar00000\install.exe
2010-06-23 05:20 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 05:20 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 05:20 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 05:20 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 05:20 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 05:17 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:17 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 19:27 . 2010-06-21 19:33 -------- d-----w- c:\users\Craig\AppData\Roaming\Digsby
2010-06-21 19:27 . 2010-06-21 19:33 -------- d-----w- c:\programdata\Digsby
2010-06-21 19:27 . 2010-06-21 19:33 -------- d-----w- c:\users\Craig\AppData\Local\Digsby
2010-06-21 19:25 . 2010-06-21 19:26 -------- d-----w- c:\program files\Digsby
2010-06-21 18:54 . 2010-06-09 13:58 85464 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-06-21 18:54 . 2010-06-09 13:58 38872 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-06-15 15:01 . 2010-06-15 15:01 -------- d-----w- c:\users\Craig\AppData\Roaming\FireShot
2010-06-15 15:00 . 2009-10-08 14:31 3204096 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2010-06-15 15:00 . 2009-10-07 22:06 106496 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2010-06-15 15:00 . 2009-09-24 01:29 28672 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2010-06-15 15:00 . 2009-03-20 03:57 40960 ----a-w- c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2010-06-13 17:32 . 2010-06-13 17:32 -------- d-----w- c:\users\Craig\AppData\Roaming\Apple Computer
2010-06-12 11:38 . 2010-06-12 11:38 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-12 11:38 . 2010-06-12 11:38 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-10 23:08 . 2010-06-10 23:08 -------- d-----w- c:\programdata\FNET
2010-06-10 23:08 . 2010-06-10 23:08 7040 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-06-10 23:08 . 2010-06-10 23:08 17792 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS
2010-06-10 23:08 . 2010-06-10 23:08 -------- d-----w- c:\program files\TurboHddUsb
2010-06-09 03:13 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 03:12 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 03:12 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 03:12 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-07 01:16 . 2010-06-07 01:16 -------- d-----w- c:\programdata\Backblaze
2010-06-07 01:16 . 2010-06-07 01:16 -------- d-----w- c:\program files\Backblaze
2010-06-03 03:45 . 2010-06-03 03:45 -------- d-----r- c:\users\Craig\AppData\Roaming\Brother

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 22:59 . 2010-03-02 12:52 -------- d-----w- c:\users\Craig\AppData\Roaming\Dropbox
2010-07-02 22:58 . 2010-03-02 15:37 -------- d-----w- c:\program files\Taskbar Shuffle
2010-07-02 22:55 . 2010-03-02 16:18 -------- d-----w- c:\users\Craig\AppData\Roaming\uTorrent
2010-07-01 00:58 . 2010-03-03 22:36 -------- d-----w- c:\users\Craig\AppData\Roaming\Skype
2010-06-29 13:00 . 2010-05-03 18:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-28 21:53 . 2010-03-04 18:14 -------- d-----w- c:\programdata\FLEXnet
2010-06-26 22:45 . 2010-03-02 21:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 21:46 . 2010-03-02 13:40 -------- d-----w- c:\users\Craig\AppData\Roaming\mjusbsp
2010-06-26 06:10 . 2010-05-31 21:22 -------- d-----w- c:\program files\Google
2010-06-24 21:45 . 2010-03-06 16:45 -------- d-----w- c:\program files\Steam
2010-06-23 05:30 . 2010-03-03 07:06 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 02:20 . 2010-03-02 15:40 -------- d-----w- c:\program files\Heroes of Newerth
2010-06-20 01:35 . 2010-03-05 02:03 -------- d-----w- c:\program files\CamStudio
2010-06-19 17:31 . 2010-03-02 13:06 117760 ----a-w- c:\users\Craig\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 17:26 . 2010-03-02 13:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 17:20 . 2010-05-03 18:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 21:27 . 2010-04-28 05:48 -------- d-----w- c:\program files\Paint.NET
2010-06-14 20:45 . 2010-04-09 12:03 -------- d-----w- c:\users\Craig\AppData\Roaming\Ventrilo
2010-06-12 11:38 . 2010-06-12 11:38 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-12 11:38 . 2010-06-12 11:38 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-12 11:38 . 2010-06-12 11:38 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-12 11:38 . 2010-06-12 11:38 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-12 11:38 . 2010-06-12 11:38 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-12 11:38 . 2010-06-12 11:38 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-12 11:38 . 2010-06-12 11:38 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-12 11:38 . 2010-03-03 15:19 -------- d-----w- c:\program files\Common Files\Real
2010-06-12 11:37 . 2010-06-12 11:36 -------- d-----w- c:\program files\real
2010-06-12 11:37 . 2010-06-12 11:37 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-09 03:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 03:37 . 2010-03-02 14:46 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 03:31 . 2010-03-03 15:18 -------- d-----w- c:\program files\mIRC
2010-06-08 02:53 . 2010-03-14 20:56 -------- d-----w- c:\program files\Feed Notifier
2010-06-07 11:55 . 2010-04-04 11:17 -------- d-----w- c:\program files\America Online 8.0
2010-06-04 06:37 . 2010-03-15 03:20 -------- d-----w- c:\program files\Opera
2010-06-04 06:25 . 2010-03-02 16:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 06:45 . 2010-03-02 15:07 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 06:45 . 2010-03-02 15:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 06:43 . 2010-06-02 06:43 319488 ----a-w- c:\windows\HideWin.exe
2010-06-01 10:09 . 2010-03-02 15:32 -------- d-----w- c:\program files\Orbit Downloader
2010-06-01 09:45 . 2010-03-02 14:51 -------- d-----w- c:\users\Craig\AppData\Roaming\Winamp
2010-06-01 09:45 . 2010-03-02 15:13 -------- d-----w- c:\users\Craig\AppData\Roaming\IrfanView
2010-05-27 22:41 . 2010-05-27 22:36 -------- d--h--w- c:\program files\Temp
2010-05-25 20:32 . 2010-03-02 16:28 -------- d-----w- c:\program files\Microsoft
2010-05-23 01:59 . 2010-03-02 16:18 -------- d-----w- c:\program files\uTorrent
2010-05-21 18:14 . 2010-03-02 14:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 20:27 . 2010-05-13 16:10 -------- d-----w- c:\programdata\NVIDIA
2010-05-16 11:14 . 2010-05-16 11:14 -------- d-----w- c:\program files\Sunbelt Software
2010-05-14 04:54 . 2010-05-13 02:34 -------- d-----w- c:\users\Craig\AppData\Roaming\SecondLife
2010-05-13 15:28 . 2010-05-13 15:25 -------- d-----w- c:\users\Craig\AppData\Roaming\Alchemy Mindworks
2010-05-13 11:55 . 2010-04-30 06:53 -------- d-----w- c:\users\Craig\AppData\Roaming\ZumoDrive
2010-05-13 11:41 . 2010-05-13 11:41 -------- d-----w- c:\program files\DebugMode
2010-05-13 02:34 . 2010-05-13 02:33 -------- d-----w- c:\program files\Second Life
2010-05-11 21:10 . 2010-04-10 08:54 -------- d-----w- c:\program files\Continuum
2010-05-11 20:53 . 2010-05-11 20:47 -------- d-----w- c:\users\Craig\AppData\Roaming\NiftyStats
2010-05-11 20:47 . 2010-05-11 20:47 707354 ----a-w- c:\users\Craig\AppData\Roaming\NiftyStats\unins000.exe
2010-05-08 00:42 . 2010-05-07 21:15 -------- d-----w- c:\users\Craig\AppData\Roaming\RJ TextEd
2010-05-08 00:42 . 2010-05-07 21:15 -------- d-----w- c:\program files\RJ TextEd
2010-05-07 02:09 . 2010-05-06 16:35 -------- d-----w- c:\program files\WhatPulse
2010-05-04 05:59 . 2010-06-09 03:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 03:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 03:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 03:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 02:15 . 2010-03-02 15:32 -------- d-----w- c:\users\Craig\AppData\Roaming\Orbit
2010-04-28 22:07 . 2010-04-28 22:07 766 ----a-r- c:\users\Craig\AppData\Roaming\Microsoft\Installer\{1B485419-875B-428D-816B-2F6627815D7A}\_42fe7987.exe
2010-04-25 08:05 . 2010-03-02 12:34 255920 ----a-w- c:\users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 14:13 . 2010-05-25 20:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 05:17 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 05:17 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 05:17 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 05:17 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 05:50 . 2010-04-30 06:52 147416 ----a-w- c:\windows\system32\drivers\cbfs.sys
2010-04-13 19:34 . 2010-04-13 19:20 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-04-09 07:45 . 2010-03-02 16:53 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWA\unins000.exe
2010-04-08 05:50 . 2010-04-08 05:50 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-04-08 05:50 . 2010-04-08 05:50 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-04-08 05:50 . 2010-04-08 05:50 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-04-08 05:50 . 2010-04-08 05:50 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-04-08 05:50 . 2010-04-08 05:50 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-04-08 05:50 . 2010-04-08 05:50 3355328 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-04-07 20:20 . 2010-04-07 20:20 10920 ----a-w- C:\aolconnfix.exe
2010-04-04 11:01 . 2010-04-04 10:42 57344 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\ocp\ocpchk.dll
2010-04-04 11:01 . 2010-04-04 10:41 748608 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\ocp\ocpinst.exe
2010-04-04 10:59 . 2010-04-04 10:39 553984 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\flash\flashax.exe
2010-04-04 10:58 . 2010-04-04 10:39 3183256 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\acs\acssetup.exe
2010-04-04 10:58 . 2010-04-04 10:39 17920 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\coach\acpver.dll
2010-04-04 10:58 . 2010-04-04 10:38 615424 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\coach\aolcinst.exe
2010-04-04 10:57 . 2010-04-04 10:38 12288 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\tb\tbinst.dll
2010-04-04 10:57 . 2010-04-04 10:37 516032 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\tb\tbsetup.exe
2010-04-04 10:57 . 2010-04-04 10:37 40960 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\sysinfo\sindinst.dll
2010-04-04 10:57 . 2010-04-04 10:37 474200 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\sysinfo\sinfinst.exe
2010-04-04 10:56 . 2010-04-04 10:37 307289 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\asp\aspcheck.dll
2010-04-04 10:56 . 2010-04-04 10:36 7083361 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\asp\aspsetup.exe
2010-04-04 10:55 . 2010-04-04 10:35 590688 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\tpspd\tssetup.exe
2010-04-04 10:55 . 2010-04-04 10:35 49152 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\vwpt\aolvpchk.dll
2010-04-04 10:55 . 2010-04-04 10:35 61440 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\vwpt\vpprepop.exe
2010-04-04 10:55 . 2010-04-04 10:34 3858056 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\vwpt\vwpt.exe
2010-04-04 10:54 . 2010-04-04 10:34 57344 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\comps\tpspd\tsverchk.dll
2010-04-04 10:50 . 2010-04-04 10:26 792664 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\setup90.exe
2010-04-04 10:42 . 2010-04-04 10:42 170 ----a-w- c:\programdata\AOL Downloads\itunes_setupSTUS\itunessetup.exe
2010-02-24 01:59 . 2010-03-06 03:40 642560 ----a-w- c:\program files\Common Files\SetupDLL.dll
2010-03-04 22:04 . 2010-03-04 21:58 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-02_21.59.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-07-02 20:34 . 2010-07-02 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-02 22:14 . 2010-07-02 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-02 22:14 . 2010-07-02 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-02 20:34 . 2010-07-02 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-04-16 05:53 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-04-16 05:53 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-04-16 05:53 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-04-16 05:53 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-04-16 05:53 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAlert"="c:\program files\MassGrid\GAlert\GAlert.exe" [2007-12-22 969728]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"F.lux"="c:\users\Craig\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2009-10-16 424688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]

c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2008-04-09 22:10 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Craig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Feed Notifier.lnk]
path=c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk
backup=c:\windows\pss\Feed Notifier.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Craig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Craig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WhatPulse.lnk]
path=c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WhatPulse.lnk
backup=c:\windows\pss\WhatPulse.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-01-19 12:37 1150976 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
2007-08-10 18:38 81920 ----a-w- c:\program files\Hercules\Deluxe Optical Glass\CamService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\users\Craig\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2009-01-09 19:53 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2009-11-15 19:59 158752 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multiplicity]
2008-12-13 19:56 2508080 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\multipl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-23 01:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-04-05 02:32 2938552 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-06-12 11:36 488968 ----a-w- c:\program files\real\realplayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shadow Defender Daemon]
2010-02-09 02:37 253132 ----a-w- c:\program files\Shadow Defender\DefenderDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
2010-01-21 03:16 9136976 ----a-w- c:\program files\TK8 StickyNotes\TK8StickyNotes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-12 11:36 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
2010-06-10 23:08 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmagent.exe]
2009-10-19 11:47 210400 ----a-w- c:\program files\WebMoney Agent\wmagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
2010-04-30 06:52 1780 ----a-w- c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:8a,a0,f0,fb,69,ba,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1585551341-1056112771-599072059-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2009-09-12 5120]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
R3 Multiplicity;Stardock Multiplicity;c:\program files\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe [2008-02-01 242936]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3724760]
R3 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 220128]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 136176]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 diskpt;diskpt;c:\windows\SYSTEM32\drivers\diskpt.sys [2010-02-08 191432]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-03-17 15328]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-04-16 147416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-06-10 7040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-02-13 123280]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-02-13 41680]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-06-10 17792]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-10-16 114928]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-13 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-02-13 110096]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 10:51]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 10:51]

2010-06-29 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-06-19 19:31]

2010-06-30 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-06-19 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - component: c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\1h387gke.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 19:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x4D000000

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1092)
c:\program files\Zecter\ZumoDrive\ShellExt.dll
c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-07-02 19:28:59
ComboFix-quarantined-files.txt 2010-07-02 23:28
ComboFix2.txt 2010-07-02 22:05

Pre-Run: 260,142,407,680 bytes free
Post-Run: 260,079,120,384 bytes free

- - End Of File - - 31C63C29A9B4E2AB82A020C5FCD23828

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 03 July 2010 - 05:33 PM

Huh? So you want me to paste it here or is that what you just did?

Edited by Snyder, 03 July 2010 - 05:34 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 PM

Posted 03 July 2010 - 05:37 PM

That is what I just did. going over the log now be back soon


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Snyder

Snyder
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 05 July 2010 - 06:39 AM

Did you manage to catch anything, Gringo?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users