
Active unknown virus/ slow computer

Discussion in 'Malware and Virus Removal Archive' started by imandy, 2009/01/02.

  1. 2009/01/02, imandy (Thread Starter)
    [Active] unknown virus/ slow computer

    Hi,

    My computer shuts down like every 30 mins or so and I can't seem to stop it. A random box will pop up saying one of the programs my laptop runs off is off, which causes the shutdown to occur. My laptop also downloaded something on its own without me doing anything.

    My boyfriend came over and tried to fix it, but I want to make sure it's really gone. My laptop is also very slow now. I took everything out of it in case I have to reformat it; my friend told me to do so.

    Can someone please help me and check if the virus is still in my laptop? And is there any way I can make my laptop run faster?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:46 PM, on 1/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=2fa3db99-5388-42d6-8831-8462104dad83&s=&ipc=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Svupew] rundll32.exe "C:\WINDOWS\Bzatumokaba.dll ",e
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
    O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/sav/webinst.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 8667 bytes

    thanks
     
  2. 2009/01/04, PX5
    Hi imandy and Welcome to the Forums :)

    Restart the computer in Safe Mode (press the F8 key when Windows starts loading) and choose your user account to log in with, please.

    Once in Safe Mode, right-click the Start button and select "Explore All Users".

    Now locate each of the files below and delete them if they exist:

    C:\WINDOWS\Bzatumokaba.dll <-- This file only

    C:\WINDOWS\System32\msiconf.exe <-- This file only

    This folder as well:

    C:\Program Files\Rapid Antivirus

    Run HijackThis and "Do a System Scan Only".

    Place a check by each of the entries below:

    O4 - HKLM\..\Run: [Svupew] rundll32.exe "C:\WINDOWS\Bzatumokaba.dll ",e

    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')

    O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')

    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)

    Make sure all other windows are closed and click "Fix Checked".

    Restart the Computer in Normal Mode and post a fresh HijackThis log.

    Next, follow the directions in the link below and run the Kaspersky Online Scan, please.
    http://www.windowsbbs.com/malware-virus-removal/67767-useful-information.html

    Once it's complete, post those results as well.
     
    PX5,
    #2
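    The checks PX5 applied above, written out as a small Python triage script so the same reasoning can be re-run on any HijackThis log: an added example, not HijackThis code or anything posted in this thread. The sample lines are copied from the two logs in the thread (the second one appears in the next reply); the rogue-name list, the function names and the heuristics themselves are this example's own assumptions.

```python
"""Triage helper for HijackThis v2 log lines (added example for this thread)."""
import re
from dataclasses import dataclass

# Constructed samples: entries copied from the two logs in this thread, with a
# few benign lines (SynTPEnh, ctfmon) kept for contrast.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
O4 - HKLM\..\Run: [Svupew] rundll32.exe "C:\WINDOWS\Bzatumokaba.dll ",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

# The poster's second log, after the "Fix checked" pass: the same kind of
# rundll32 loader is back under a new random name.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
O4 - HKLM\..\Run: [Uvahukop] rundll32.exe "C:\WINDOWS\umeqaxalaza.dll ",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

# Rogue "antivirus" products named in this thread (assumed list; extend as needed).
ROGUE_NAMES = ("rapid antivirus",)

# rundll32 loading a DLL that sits directly in C:\WINDOWS rather than system32
# or Program Files: legitimate software very rarely drops a loader DLL there.
RUNDLL_WINROOT = re.compile(r'rundll32(?:\.exe)?\s+"?c:\\windows\\[^\\"]+\.dll', re.I)
# "O4 - <hive>: [<value name>] <command> (User '<account>')"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Autoruns under the SYSTEM or Default profile: end-user software does not go there.
SYSTEM_PROFILE = re.compile(r"HKUS\\S-1-5-18|HKUS\\\.DEFAULT|^S-1-5-18 Startup|^\.DEFAULT Startup")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _exe_name(cmd: str) -> str:
    """Base name of the binary an O4 command launches (quoted or bare path)."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    head = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(None, 1)[0]
    return head.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Apply the review checks to each HijackThis line; a line can earn several."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        if kind == "O4":
            rest = line[len("O4 - "):]
            m = O4_RUN.match(line)
            hive = m.group("hive") if m else rest.split(":", 1)[0]
            if RUNDLL_WINROOT.search(rest):
                findings.append(Finding(line, "rundll32 loads a DLL from the Windows root"))
            if SYSTEM_PROFILE.search(hive):
                findings.append(Finding(line, "autorun under the SYSTEM/Default profile"))
            if m and m.group("name").lower().endswith(".exe") \
                    and _exe_name(m.group("cmd")) != m.group("name").lower():
                findings.append(Finding(line, f"value named {m.group('name')} runs a different binary"))
            if any(r in line.lower() for r in ROGUE_NAMES):
                findings.append(Finding(line, "rogue security product named in this thread"))
        elif kind == "O15":
            findings.append(Finding(line, "domain added to the IE Trusted Zone; confirm the user did this"))
        elif kind == "O20":
            # On this machine guard32.dll belongs to the COMODO firewall the ComboFix
            # log lists; AppInit_DLLs still deserves a look because malware uses it too.
            findings.append(Finding(line, "AppInit_DLLs set; verify the DLL's publisher before acting"))
    return findings


def new_findings(before: str, after: str) -> list[Finding]:
    """Flagged lines in the later log that were absent from the earlier one.
    After a 'Fix checked' pass, a loader that reappears under a fresh random
    name is the sign that whatever re-creates it has not been removed."""
    seen = {f.line for f in triage(before)}
    return [f for f in triage(after) if f.line not in seen]


if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"[{f.reason}] {f.line}")
    print("--- new after fix ---")
    for f in new_findings(LOG_BEFORE, LOG_AFTER):
        print(f"[{f.reason}] {f.line}")
```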


  4. 2009/01/04, imandy (Thread Starter)
    Hi. My laptop is having problems going on the internet, so I had to use my dad's laptop and transfer the HijackThis log. I also can't do the online scan. Is there another scan I can do that will help?

    This is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:10 PM, on 1/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=2fa3db99-5388-42d6-8831-8462104dad83&s=&ipc=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe "
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [Uvahukop] rundll32.exe "C:\WINDOWS\umeqaxalaza.dll ",e
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/sav/webinst.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11417 bytes

    thanks
     
  5. 2009/01/04, PX5
    PX5,
    #4
  6. 2009/01/04, imandy (Thread Starter)
    I also have a problem with my laptop fan. It's an Inspiron 710m and it all of a sudden stopped working. I used the diagnostics on my laptop to see if it was working and it said it wasn't. Two days ago my fan was making loud noises, vibrating my whole laptop, and now it has stopped. I looked online and it said I should clean it with air spray, so I did. It stopped after, so I thought it was fixed, but now it seems like the fan is broken or something. Is it another virus, or do I really have to get a new fan installed?

    I also can't go to any websites that have to do with antivirus. I have the Norton Security antivirus program and it blocks it from activating, connecting to the Norton site to update, or anything else. I also can't download any AV programs to help fix the problem. I also noticed I can't do "restore to last point" on my laptop; something is blocking it.

    I have a ComboFix log.

    ComboFix 09-01-02.01 - Mandy 2009-01-04 16:54:47.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1006.657 [GMT -5:00]
    Running from: c:\documents and settings\Mandy\Desktop\ComboFix.exe
    FW: COMODO Firewall Pro *disabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cbXNGvWo.dll
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekaynmwotye.sys
    c:\windows\system32\drivers\TDSSserv.sys
    c:\windows\system32\prunnet.exe
    c:\windows\system32\seneka.dat
    c:\windows\system32\senekaasnavsfd.dll
    c:\windows\system32\senekadf.dat
    c:\windows\system32\senekakridinbn.dll
    c:\windows\system32\senekalog.dat
    c:\windows\system32\senekaspkcxedo.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV
    -------\Legacy_TDSSSERV
    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
    .

    2009-01-03 23:20 . 2009-01-03 23:20 134,144 --a------ c:\windows\umeqaxalaza.dll
    2009-01-03 22:59 . 2009-01-03 22:59 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-03 22:59 . 2009-01-03 22:59 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
    2009-01-03 22:59 . 2009-01-03 22:58 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
    2009-01-03 22:59 . 2009-01-03 22:59 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-03 22:59 . 2009-01-03 22:59 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\windows\system32\drivers\NIS
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\program files\Windows Sidebar
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\program files\Norton Internet Security
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
    2009-01-03 22:56 . 2009-01-03 22:57 <DIR> d-------- c:\program files\NortonInstaller
    2009-01-03 22:49 . 2009-01-03 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-02 15:41 . 2009-01-02 15:41 40,448 --a------ c:\windows\system32\k9261108.exe
    2009-01-02 15:38 . 2009-01-02 15:38 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-09 22:19 . 2008-12-10 03:36 256 --a------ c:\windows\system32\pool.bin
    2008-12-09 22:04 . 2008-12-09 22:04 <DIR> d-------- c:\documents and settings\Mandy\Application Data\InstallShield
    2008-12-09 21:54 . 2008-12-09 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
    2008-12-09 21:49 . 2008-12-21 03:48 <DIR> d-------- c:\program files\Common Files\Roxio Shared
    2008-12-09 21:49 . 2008-12-21 03:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
    2008-12-09 21:41 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
    2008-12-09 21:39 . 2008-12-21 03:38 <DIR> d-------- c:\program files\Common Files\Research In Motion
    2008-12-09 21:35 . 2008-12-09 21:35 <DIR> d--hs---- c:\windows\ftpcache
    2008-12-08 12:28 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-12-08 12:28 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-12-08 12:27 . 2008-12-08 12:28 <DIR> d-------- c:\program files\iTunes
    2008-12-08 12:27 . 2008-12-08 12:27 <DIR> d-------- c:\program files\iPod
    2008-12-08 12:27 . 2008-12-08 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\documents and settings\Mandy\Application Data\Media Player Classic
    2008-12-07 13:09 . 2008-12-08 12:27 <DIR> d-------- c:\program files\QuickTime Alternative
    2008-12-07 13:09 . 2008-12-07 13:09 <DIR> d-------- c:\program files\Media Player Classic
    2008-12-04 22:28 . 2008-12-04 22:28 <DIR> d-------- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-04 21:49 --------- d-----w c:\documents and settings\Mandy\Application Data\U3
    2009-01-04 04:15 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-04 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-04 03:59 --------- d-----w c:\program files\Symantec
    2009-01-04 03:52 --------- d-----w c:\program files\Symantec AntiVirus
    2009-01-02 20:38 --------- d-----w c:\program files\Lavasoft
    2009-01-02 00:09 --------- d-----w c:\program files\COMODO
    2008-12-28 04:24 --------- d-----w c:\program files\mIRC
    2008-12-23 12:08 --------- d-----w c:\program files\DC++
    2008-12-21 09:44 --------- d-----w c:\program files\PokerStars
    2008-12-21 08:47 --------- d-----w c:\program files\Common Files\Sonic Shared
    2008-12-21 08:35 --------- d-----w c:\program files\Any Video Converter Professional
    2008-12-21 08:35 --------- d-----w c:\documents and settings\Mandy\Application Data\Any Video Converter Professional
    2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-08 17:27 --------- d-----w c:\program files\Common Files\Apple
    2008-12-07 18:09 --------- d-----w c:\documents and settings\Mandy\Application Data\Apple Computer
    2008-12-07 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-04 01:49 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-12-04 01:49 --------- d-----w c:\program files\AVS4YOU
    2008-12-04 01:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-04 01:19 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
    2008-12-04 01:19 --------- d-----w c:\program files\Gabest
    2008-12-04 01:19 --------- d-----w c:\program files\AviSynth 2.5
    2008-12-04 00:36 --------- d-----w c:\documents and settings\Mandy\Application Data\Pavtube
    2008-12-03 23:35 --------- d-----w c:\documents and settings\Mandy\Application Data\MPEG Streamclip
    2008-12-03 22:54 --------- d-----w c:\program files\Veoh Networks
    2008-12-03 03:21 --------- d-----w c:\documents and settings\Mandy\Application Data\ImTOO Software Studio
    2008-12-03 03:07 --------- d-----w c:\documents and settings\Mandy\Application Data\AVS4YOU
    2008-12-03 03:07 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
    2008-11-25 02:10 --------- d-----w c:\program files\WebCyberCoach
    2008-11-25 02:10 --------- d-----w c:\program files\Real Alternative
    2008-11-25 02:10 --------- d-----w c:\program files\NetWaiting
    2008-11-25 02:10 --------- d-----w c:\program files\Modem Helper
    2008-11-25 02:10 --------- d-----w c:\program files\Microsoft Works
    2008-11-25 02:10 --------- d-----w c:\program files\Microsoft Digital Image 2006
    2008-11-25 02:10 --------- d-----w c:\program files\Combined Community Codec Pack
    2008-11-25 02:07 --------- d-----w c:\program files\Creative
    2008-11-25 02:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-24 18:53 --------- d-----w c:\program files\AIM6
    2008-11-24 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-24 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-11-24 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2006-10-18 21:36 2,850 ----a-w c:\documents and settings\Mandy\Application Data\wklnhst.dat
    2006-10-01 02:44 88 --sh--r c:\windows\system32\024D3846D7.sys
    2007-08-13 20:30 56 -csh--r c:\windows\system32\D746384D02.sys
    2007-08-13 20:31 6,372 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-19 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "VeohPlugin "= "c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task "= "c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "Uvahukop "= "c:\windows\umeqaxalaza.dll" [2009-01-03 134144]

    c:\documents and settings\Mandy\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-04 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3 "= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
    "msacm.divxa32 "= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\AIM6\\aolsoftware.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-01-03 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-01-03 254512]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-01-03 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-03 274808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-03 99376]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-03 115560]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-14 24652]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys --> c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bfe0d0-b2b0-11dd-95d3-001422a682c9}]
    \Shell\Auto\command - MSInfnd.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    HKLM-Run-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    Notify-NavLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.freeze.com/?AcquisitionID=2fa3db99-5388-42d6-8831-8462104dad83&s=&ipc=
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    uInternet Settings,ProxyOverride = *.local
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk

    c:\windows\Downloaded Program Files\CNICAT.ocx - O16 -: {C190FF32-96D0-445F-9F60-5CF288FD3D0F}
    hxxps://register.resnet.stonybrook.edu/CAT/CNICAT.cab

    c:\windows\Downloaded Program Files\WebInst.Dll - O16 -: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC}
    hxxp://pdc.resnet.stonybrook.edu/sav/webinst.cab
    FF - ProfilePath - c:\documents and settings\Mandy\Application Data\Mozilla\Firefox\Profiles\1f5usaed.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    FF - user.js: general.useragent.extra.zencast - .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-04 16:59:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Norton Internet Security]
    "ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1 "

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\seneka]
    "imagepath "= "\systemroot\system32\drivers\senekaynmwotye.sys "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv]
    "imagepath "= "\systemroot\system32\drivers\TDSSserv.sys "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1420)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2009-01-04 17:00:38
    ComboFix-quarantined-files.txt 2009-01-04 21:59:58

    Pre-Run: 55,924,420,608 bytes free
    Post-Run: 55,991,398,400 bytes free

    288 --- E O F --- 2008-12-18 01:16:43
     
    Last edited: 2009/01/04
  7. 2009/01/04
    PX5
    Hi again Mandy,

    Probably the best thing you could have done at this point was use ComboFix, so no need to worry about RSIT right now.

    Gimme a bit to look over your results, but while you're waiting, can you tell me, of the 2 Security/Antivirus Apps you have onboard, which is the one you really use?

    Is either paid for and kept up to date? If so, which?

    You will need to remove the one you have no use for and most likely will need the Uninstaller from that Vendor.

    Let me know please and I'll be back asap with a little more work for ya.
     
  8. 2009/01/04
    imandy
    Hi

    Thanks for helping me. I just downloaded Norton Internet Security 2009 on my laptop because I deleted Comodo Firewall (it kept getting shut down by the virus). Norton Internet Security 2009 has antivirus, antispyware, smart firewall, etc.

    I turned on my Windows Firewall and a Norton window popped up saying Norton Firewall works best when the Windows Firewall is off (even though it is recommended to have the Windows Firewall on). Should I leave it off or on?

    To check if I have viruses/malware, I use Lavasoft Ad-Aware and Malwarebytes' Anti-Malware. I deleted Symantec AntiVirus because I couldn't download Norton Internet Security without it gone. I use both programs to check if I have anything wrong, hoping one will find something the other didn't find.

    Norton Internet Security 2009 is the paid one and I'm supposed to keep it up to date, but I can't have any internet access (to any site dealing with AV and such).

    Thanks
     
  9. 2009/01/05
    PX5
    Copy the text in the code box below to Notepad and save it with the name CFScript.txt

    Code:
    Driver::
    McShield
    McSysmon
    File::
    c:\windows\umeqaxalaza.dll
    c:\windows\system32\k9261108.exe
    Folder::
    C:\Program Files\McAfee
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Uvahukop"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bfe0d0-b2b0-11dd-95d3-001422a682c9}]
    Now drag this new txt file on top of ComboFix and it will run the script for you, possibly needing to reboot.

    Let it run its course and post the resulting log please.

    Also go to Add/Remove Programs and remove "Viewpoint"

    It would be best to leave Windows Firewall disabled if you're using Norton Internet Security.

    After this, you should be able to get the machine back on the internet and navigate normally; let me know if you find different.
     
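As an added example (not code from the thread, from ComboFix, or from any of the posters), here is a small Python check that does by hand what a helper does by eye after a CFScript pass: it parses the File:: and Registry:: targets out of the script, parses the Run and mountpoints2 blocks of a "Reg Loading Points" section, and reports anything the script asked for that is still listed in the post-run log. It also shows which autostart value pointed at a File:: target in the pre-run log, which is the evidence that ties the DLL to the Run entry. The sample logs are constructed from the entries quoted in this thread, trimmed to the relevant lines and with the forum's stray spaces inside the quotes removed (the parser tolerates them either way); all function and variable names are mine.

```python
import re

# Constructed sample: the CFScript posted above, verbatim apart from the
# forum's stray space inside the quoted value name.
CFSCRIPT = r"""Driver::
McShield
McSysmon
File::
c:\windows\umeqaxalaza.dll
c:\windows\system32\k9261108.exe
Folder::
C:\Program Files\McAfee
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uvahukop"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bfe0d0-b2b0-11dd-95d3-001422a682c9}]
"""

# Constructed sample: relevant lines of the pre-script "Reg Loading Points" block.
BEFORE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Uvahukop"="c:\windows\umeqaxalaza.dll" [2009-01-03 134144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bfe0d0-b2b0-11dd-95d3-001422a682c9}]
\Shell\Auto\command - MSInfnd.exe
"""

# Constructed sample: the same block from the post-script log.
AFTER_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^(Driver|File|Folder|Registry)::$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="target" [date size]   or   "name"= target
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"]*?)"?\s*(\[[^\]]*\])?$')


def parse_cfscript(text):
    """Split a CFScript into its sections. Registry:: becomes a list of
    (key, value_name) pairs; value_name is None when a "[-KEY]" line asks
    for the whole key to go, and a '"name"=-' line names one value under
    the most recent [KEY]."""
    result = {"Driver": [], "File": [], "Folder": [], "Registry": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue
        if section != "Registry":
            result[section].append(line)
        elif line.startswith("[-") and line.endswith("]"):
            result["Registry"].append((line[2:-1], None))
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif line.endswith("=-") and current_key:
            result["Registry"].append((current_key, line[:-2].strip().strip('"').strip()))
    return result


def parse_reg_block(log):
    """Map each [KEY] in a 'Reg Loading Points' block to {value_name: target}.
    Keys are lower-cased: the registry is case-insensitive and ComboFix
    prints HKLM paths in mixed case. Lines that are not "name"=value pairs
    (the mountpoints2 \\Shell\\... lines) are kept under their own text."""
    keys, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        if current is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            keys[current][v.group(1).strip()] = v.group(2).strip()
        else:
            keys[current][line] = ""
    return keys


def loading_points_for(log, paths):
    """For each path, list the 'key\\name' autostart entries whose target is
    that path: the link between a File:: candidate and how it gets started."""
    wanted = {p.lower() for p in paths}
    hits = {}
    for key, values in parse_reg_block(log).items():
        for name, target in values.items():
            if target.lower() in wanted:
                hits.setdefault(target.lower(), []).append(f"{key}\\{name}")
    return hits


def check_remediation(cfscript, after_log):
    """Return human-readable leftovers: Registry:: keys/values still listed
    and File:: paths still referenced as an autostart target. Empty list
    means the post-run log no longer shows anything the script targeted."""
    actions = parse_cfscript(cfscript)
    keys = parse_reg_block(after_log)
    leftovers = []
    for key, name in actions["Registry"]:
        values = keys.get(key.lower())
        if values is None:
            continue
        if name is None:
            leftovers.append(f"key still present: {key}")
        elif name in values:
            leftovers.append(f"value still present: {key}\\{name}")
    referenced = {t.lower() for vals in keys.values() for t in vals.values()}
    for path in actions["File"]:
        if path.lower() in referenced:
            leftovers.append(f"file still referenced: {path}")
    return leftovers


if __name__ == "__main__":
    print("before:", check_remediation(CFSCRIPT, BEFORE_LOG))
    print("after: ", check_remediation(CFSCRIPT, AFTER_LOG))
    print(loading_points_for(BEFORE_LOG, parse_cfscript(CFSCRIPT)["File"]))
```

Run against the two constructed blocks, the pre-run log reports three leftovers (the Run value, the mountpoints2 key and the DLL it points at) and the post-run log reports none, which is the same conclusion the helper draws from the second log further down the thread. The Driver:: and Folder:: sections are parsed but not checked, since a "Reg Loading Points" block does not list services or folders.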
  10. 2009/01/05
    imandy
    This is the resulting log:

    ComboFix 09-01-05.03 - Mandy 2009-01-05 18:15:22.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1006.544 [GMT -5:00]
    Running from: c:\documents and settings\Mandy\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mandy\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: COMODO Firewall Pro *disabled*
    FW: Norton Internet Security *enabled*
    * Created a new restore point

    FILE ::
    c:\windows\system32\k9261108.exe
    c:\windows\umeqaxalaza.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\k9261108.exe
    c:\windows\umeqaxalaza.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCSHIELD
    -------\Legacy_MCSYSMON
    -------\Service_McShield
    -------\Service_McSysmon


    ((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
    .

    2009-01-03 22:59 . 2009-01-03 22:59 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-03 22:59 . 2009-01-03 22:59 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
    2009-01-03 22:59 . 2009-01-03 22:58 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
    2009-01-03 22:59 . 2009-01-03 22:59 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-03 22:59 . 2009-01-03 22:59 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\windows\system32\drivers\NIS
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\program files\Windows Sidebar
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\program files\Norton Internet Security
    2009-01-03 22:58 . 2009-01-03 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
    2009-01-03 22:56 . 2009-01-03 22:57 <DIR> d-------- c:\program files\NortonInstaller
    2009-01-03 22:49 . 2009-01-03 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-02 16:03 . 2009-01-02 16:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1NTYyMDV8_
    2009-01-02 15:38 . 2009-01-02 15:38 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-09 22:19 . 2008-12-10 03:36 256 --a------ c:\windows\system32\pool.bin
    2008-12-09 22:04 . 2008-12-09 22:04 <DIR> d-------- c:\documents and settings\Mandy\Application Data\InstallShield
    2008-12-09 21:54 . 2008-12-09 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
    2008-12-09 21:49 . 2008-12-21 03:48 <DIR> d-------- c:\program files\Common Files\Roxio Shared
    2008-12-09 21:49 . 2008-12-21 03:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
    2008-12-09 21:41 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
    2008-12-09 21:39 . 2008-12-21 03:38 <DIR> d-------- c:\program files\Common Files\Research In Motion
    2008-12-09 21:35 . 2008-12-09 21:35 <DIR> d--hs---- c:\windows\ftpcache
    2008-12-08 12:28 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-12-08 12:28 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-12-08 12:27 . 2008-12-08 12:28 <DIR> d-------- c:\program files\iTunes
    2008-12-08 12:27 . 2008-12-08 12:27 <DIR> d-------- c:\program files\iPod
    2008-12-08 12:27 . 2008-12-08 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\documents and settings\Mandy\Application Data\Media Player Classic
    2008-12-07 13:09 . 2008-12-08 12:27 <DIR> d-------- c:\program files\QuickTime Alternative
    2008-12-07 13:09 . 2008-12-07 13:09 <DIR> d-------- c:\program files\Media Player Classic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-04 21:49 --------- d-----w c:\documents and settings\Mandy\Application Data\U3
    2009-01-04 04:15 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-04 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-04 03:59 --------- d-----w c:\program files\Symantec
    2009-01-04 03:52 --------- d-----w c:\program files\Symantec AntiVirus
    2009-01-02 20:38 --------- d-----w c:\program files\Lavasoft
    2009-01-02 00:09 --------- d-----w c:\program files\COMODO
    2008-12-28 04:24 --------- d-----w c:\program files\mIRC
    2008-12-23 12:08 --------- d-----w c:\program files\DC++
    2008-12-21 09:44 --------- d-----w c:\program files\PokerStars
    2008-12-21 08:47 --------- d-----w c:\program files\Common Files\Sonic Shared
    2008-12-21 08:35 --------- d-----w c:\program files\Any Video Converter Professional
    2008-12-21 08:35 --------- d-----w c:\documents and settings\Mandy\Application Data\Any Video Converter Professional
    2008-12-08 17:27 --------- d-----w c:\program files\Common Files\Apple
    2008-12-07 18:09 --------- d-----w c:\documents and settings\Mandy\Application Data\Apple Computer
    2008-12-07 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-05 03:28 --------- d-----w c:\program files\Bonjour
    2008-12-04 01:49 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-12-04 01:49 --------- d-----w c:\program files\AVS4YOU
    2008-12-04 01:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-04 01:19 --------- d-----w c:\program files\Gabest
    2008-12-04 01:19 --------- d-----w c:\program files\AviSynth 2.5
    2008-12-04 00:36 --------- d-----w c:\documents and settings\Mandy\Application Data\Pavtube
    2008-12-03 23:35 --------- d-----w c:\documents and settings\Mandy\Application Data\MPEG Streamclip
    2008-12-03 22:54 --------- d-----w c:\program files\Veoh Networks
    2008-12-03 03:21 --------- d-----w c:\documents and settings\Mandy\Application Data\ImTOO Software Studio
    2008-12-03 03:07 --------- d-----w c:\documents and settings\Mandy\Application Data\AVS4YOU
    2008-12-03 03:07 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
    2008-11-25 02:10 --------- d-----w c:\program files\WebCyberCoach
    2008-11-25 02:10 --------- d-----w c:\program files\Real Alternative
    2008-11-25 02:10 --------- d-----w c:\program files\NetWaiting
    2008-11-25 02:10 --------- d-----w c:\program files\Modem Helper
    2008-11-25 02:10 --------- d-----w c:\program files\Microsoft Works
    2008-11-25 02:10 --------- d-----w c:\program files\Microsoft Digital Image 2006
    2008-11-25 02:10 --------- d-----w c:\program files\Combined Community Codec Pack
    2008-11-25 02:07 --------- d-----w c:\program files\Creative
    2008-11-25 02:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-24 18:53 --------- d-----w c:\program files\AIM6
    2008-11-24 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-24 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-11-24 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2006-10-18 21:36 2,850 ----a-w c:\documents and settings\Mandy\Application Data\wklnhst.dat
    2006-10-01 02:44 88 --sh--r c:\windows\system32\024D3846D7.sys
    2007-08-13 20:30 56 -csh--r c:\windows\system32\D746384D02.sys
    2007-08-13 20:31 6,372 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-19 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-04_16.59.24.83 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2009-01-05 23:20:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3ec.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "VeohPlugin "= "c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task "= "c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

    c:\documents and settings\Mandy\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-04 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3 "= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
    "msacm.divxa32 "= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\AIM6\\aolsoftware.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-01-03 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-01-03 254512]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-01-03 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-05 274808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-03 99376]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-03 115560]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-14 24652]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys --> c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.freeze.com/?AcquisitionID=2fa3db99-5388-42d6-8831-8462104dad83&s=&ipc=
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    uInternet Settings,ProxyOverride = *.local
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk

    c:\windows\Downloaded Program Files\CNICAT.ocx - O16 -: {C190FF32-96D0-445F-9F60-5CF288FD3D0F}
    hxxps://register.resnet.stonybrook.edu/CAT/CNICAT.cab

    c:\windows\Downloaded Program Files\WebInst.Dll - O16 -: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC}
    hxxp://pdc.resnet.stonybrook.edu/sav/webinst.cab
    FF - ProfilePath - c:\documents and settings\Mandy\Application Data\Mozilla\Firefox\Profiles\1f5usaed.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    FF - user.js: general.useragent.extra.zencast - .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-05 18:19:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1432)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\wscript.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-05 18:23:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-05 23:23:36
    ComboFix2.txt 2009-01-04 22:00:39

    Pre-Run: 55,883,816,960 bytes free
    Post-Run: 55,688,728,576 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    276 --- E O F --- 2008-12-18 01:16:43

    Thanks for helping me out. I'm able to go on the internet. Oh, and which "Viewpoint"? Because there are three different ones. There's "Viewpoint Manager," "Viewpoint Media Player," and "Viewpoint Toolbar."

    Do you by any chance know what's wrong with my fan? Because it suddenly stopped working. 3-4 nights ago it started to make big purring, vibrating noises. Then 2 days ago, I did the air spray to clean the dust out (my uncle said it should make it work) and it stopped making the noise. What I didn't know was my fan isn't moving at all now. Do you know if there's a way to make it start working again? Because I saw on other sites that there's a button Fn + Z that makes the fan go faster or slower. I tried that but I'm not sure if that works or not.

    Thanks again
     
  11. 2009/01/06
    PX5

    PX5 Inactive

    Joined:
    2008/12/27
    Messages:
    13
    Likes Received:
    0
    Hardware issues have never been my cup of tea at all; I know less about laptops except how to throw them across a room. :)

    As for Viewpoint, I'd remove all 3 items in Add\Remove as you probably will never have a use for them.

    For now, I'd suggest leaving the machine as is and possibly seeing if there is someone close that can visibly look at the laptop and open up the backside to be sure the fan's connections are intact.

    I'd not be surprised if the fan has just quit; I think this is one of the more common issues in a laptop.

    Let me know if there is someone local you can depend on to have a peek at the inside of the laptop.
     
    PX5,
    #10
  12. 2009/01/09
    imandy

    imandy Inactive Thread Starter

    Joined:
    2008/08/18
    Messages:
    48
    Likes Received:
    0
    Thanks for helping me.

    I asked my boyfriend and a friend to check up on my laptop. They're both afraid of breaking it, but they both said they'll try to fix it. (My friend built his own computer, but with laptops he's not that experienced.)

    Hopefully it's just something that's blocking the fan. I really don't want to purchase a new fan. Thanks again.
     
