
Active PC & Browser very sluggish and freezes up.

Discussion in 'Malware and Virus Removal Archive' started by johnd1, 2008/12/11.


    Hello,

    I realize I only have 512 MB of memory, but my computer is substantially slower than normal, and when I open my browser it takes forever. I have ordered 2 GB of memory, which I desperately needed, but I believe I have something loaded on the PC that is bogging it down. Today I downloaded Malwarebytes and that seemed to clean up a few things, and the computer is performing a little better. Please take a look at the logs. Thanks in advance for your time and support :).

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by John at 2008-12-11 15:21:44
    Microsoft Windows XP Professional Service Pack 3
    System drive D: has 2 GB (17%) free of 10 GB
    Total RAM: 512 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:21:46 PM, on 12/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\AVAST Virus Protection\aswUpdSv.exe
    C:\Program Files\AVAST Virus Protection\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
    D:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Virus Protection\ashMaiSv.exe
    C:\Program Files\AVAST Virus Protection\ashWebSv.exe
    D:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\program files\ActiveSync\wcescomm.exe
    c:\PROGRA~2\ACTIVE~1\rapimgr.exe
    C:\Program Files\Advanced SystemCare 3\AWC.exe
    C:\Program Files\internet explorer\iexplore.exe
    D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    D:\WINDOWS\System32\LVComsX.exe
    D:\Documents and Settings\John\Desktop\RSIT.exe
    C:\Program Files\trend micro\John.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkedin.com/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "c:\program files\ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\Advanced SystemCare 3\AWC.exe" /startup
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\PROGRA~2\ACTIVE~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\PROGRA~2\ACTIVE~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\PROGRA~2\ACTIVE~1\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.filehippo.com
    O15 - Trusted Zone: http://www.mortgagemarketguide.com
    O15 - Trusted Zone: http://profile.myspace.com
    O15 - Trusted Zone: http://www.myspace.com
    O15 - Trusted Zone: http://www.pleasantonpony.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209137505781
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://northpoint.webex.com/client/T26L/webex/ieatgpc.cab
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: enmhytg - enmhytg.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AVAST Virus Protection\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AVAST Virus Protection\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AVAST Virus Protection\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AVAST Virus Protection\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe

    --
    End of file - 8332 bytes

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    D:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    D:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    D:\WINDOWS\tasks\User_Feed_Synchronization-{83F4F7A1-000B-4D4D-A342-6C1D0F7FD3AE}.job
    D:\WINDOWS\tasks\WorkCenter LOS Sync.job
    D:\WINDOWS\tasks\WorkCenter Schedule Sync.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
    dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - d:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-13 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-08 68856]
    "H/PC Connection Agent"=c:\program files\ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "Advanced SystemCare 3"=C:\Program Files\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\enmhytg]
    enmhytg.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4gbxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4gbxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoResolveSearch"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
    "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\Program Files\Logitech\Video\Launcher.exe"="D:\Program Files\Logitech\Video\Launcher.exe:*:Enabled:Logitech QuickCam"
    "D:\Program Files\xerox\Messenger\YahooMessenger.exe"="D:\Program Files\xerox\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "D:\Program Files\xerox\Messenger\YServer.exe"="D:\Program Files\xerox\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files 2\LimeWire\LimeWire.exe"="C:\Program Files 2\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\ActiveSync\rapimgr.exe"="C:\Program Files\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\ActiveSync\wcescomm.exe"="C:\Program Files\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\ActiveSync\WCESMgr.exe"="C:\Program Files\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Disabled:Age of Mythology - The Titans Expansion"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\ActiveSync\rapimgr.exe"="C:\Program Files\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\ActiveSync\wcescomm.exe"="C:\Program Files\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\ActiveSync\WCESMgr.exe"="C:\Program Files\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    ======List of files/folders created in the last 3 months======

    2008-12-11 14:56:19 ----D---- C:\Program Files\trend micro
    2008-12-11 14:56:16 ----D---- D:\rsit
    2008-12-11 11:33:43 ----D---- D:\Documents and Settings\John\Application Data\Malwarebytes
    2008-12-11 11:33:33 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-11 11:33:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-11 07:21:29 ----A---- D:\WINDOWS\system32\MRT.INI
    2008-12-10 14:35:51 ----HDC---- D:\WINDOWS\$NtUninstallKB955839$
    2008-12-10 14:34:57 ----HDC---- D:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-10 14:34:27 ----HDC---- D:\WINDOWS\$NtUninstallKB954600$
    2008-12-10 14:34:14 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$
    2008-12-08 02:32:39 ----D---- D:\Documents and Settings\John\Application Data\IObit
    2008-12-08 02:32:38 ----D---- C:\Program Files\Advanced SystemCare 3
    2008-12-08 02:14:28 ----D---- D:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-11-16 08:07:38 ----D---- D:\Documents and Settings\John\Application Data\Snapfish
    2008-11-12 10:59:18 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 10:58:31 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 10:58:18 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
    2008-11-12 10:57:34 ----D---- C:\Program Files\MSXML 4.0
    2008-10-24 10:36:52 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
    2008-10-21 20:45:56 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-20 09:03:38 ----D---- D:\Documents and Settings\All Users\Application Data\Apple
    2008-10-16 07:10:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 07:10:36 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 07:10:28 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 07:09:42 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 07:08:52 ----A---- D:\WINDOWS\imsins.BAK
    2008-10-16 07:08:35 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
    2008-10-13 11:31:44 ----D---- D:\Documents and Settings\John\Application Data\ePASS
    2008-10-13 10:09:42 ----D---- C:\Program Files\MeridianLink
    2008-10-11 09:17:59 ----D---- C:\Program Files\Encompass
    2008-10-11 08:37:54 ----D---- C:\Program Files\Lavasoft
    2008-10-11 08:36:35 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
    2008-09-30 16:43:34 ----A---- D:\WINDOWS\system32\msxml4.dll
    2008-09-13 06:27:28 ----A---- D:\WINDOWS\system32\javaws.exe
    2008-09-13 06:27:28 ----A---- D:\WINDOWS\system32\javaw.exe
    2008-09-13 06:27:28 ----A---- D:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-12-11 14:56:35 ----D---- D:\WINDOWS\system32\CatRoot2
    2008-12-11 13:41:36 ----D---- D:\WINDOWS\Temp
    2008-12-11 12:41:03 ----D---- D:\WINDOWS\system32\drivers
    2008-12-11 12:15:52 ----D---- D:\WINDOWS\system32
    2008-12-11 12:15:52 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-11 12:11:56 ----D---- C:\Program Files\AVAST Virus Protection
    2008-12-11 12:10:06 ----A---- D:\WINDOWS\SchedLgU.Txt
    2008-12-11 08:45:36 ----D---- C:\Program Files\HIJACKTHIS (SPYWARE REMOVAL)
    2008-12-10 15:31:49 ----D---- D:\WINDOWS
    2008-12-10 15:30:51 ----D---- C:\Program Files\internet explorer
    2008-12-10 14:36:11 ----SHD---- D:\WINDOWS\Installer
    2008-12-10 14:35:54 ----HD---- D:\WINDOWS\inf
    2008-12-10 14:35:39 ----RSHDC---- D:\WINDOWS\system32\dllcache
    2008-12-10 14:35:25 ----D---- D:\WINDOWS\ie7updates
    2008-12-10 14:35:24 ----D---- D:\WINDOWS\Prefetch
    2008-12-10 14:35:19 ----HD---- D:\WINDOWS\$hf_mig$
    2008-12-10 14:10:36 ----D---- D:\Documents and Settings\All Users\Application Data\pdf995
    2008-12-09 15:24:37 ----A---- D:\WINDOWS\system32\MRT.exe
    2008-12-08 02:43:05 ----D---- D:\WINDOWS\system32\CatRoot
    2008-12-08 01:22:07 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-08 01:17:57 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-26 09:21:30 ----A---- D:\WINDOWS\system32\aswBoot.exe
    2008-11-17 10:28:21 ----D---- D:\Documents and Settings\John\Application Data\WebEx
    2008-11-17 10:27:23 ----SD---- D:\WINDOWS\Downloaded Program Files
    2008-11-15 05:46:17 ----D---- D:\WINDOWS\Help
    2008-11-12 15:49:36 ----SHD---- D:\RECYCLER
    2008-11-12 10:57:34 ----D---- D:\WINDOWS\WinSxS
    2008-10-23 04:36:14 ----A---- D:\WINDOWS\system32\gdi32.dll
    2008-10-23 02:06:59 ----N---- D:\WINDOWS\system32\tzchange.exe
    2008-10-20 09:03:41 ----SD---- D:\WINDOWS\Tasks
    2008-10-17 02:08:40 ----A---- D:\WINDOWS\system32\mshtml.dll
    2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- D:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- D:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- D:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- D:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- D:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll
    2008-10-16 12:38:40 ----A---- D:\WINDOWS\system32\wininet.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\webcheck.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\urlmon.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\url.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\pngfilt.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\occache.dll
    2008-10-16 12:38:39 ----A---- D:\WINDOWS\system32\mstime.dll
    2008-10-16 12:38:38 ----A---- D:\WINDOWS\system32\msrating.dll
    2008-10-16 12:38:38 ----A---- D:\WINDOWS\system32\mshtmled.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\msfeeds.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\jsproxy.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\iertutil.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\iernonce.dll
    2008-10-16 12:38:37 ----A---- D:\WINDOWS\system32\ieframe.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\ieaksie.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\ieakeng.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\icardie.dll
    2008-10-16 12:38:35 ----A---- D:\WINDOWS\system32\extmgr.dll
    2008-10-16 12:38:34 ----A---- D:\WINDOWS\system32\dxtrans.dll
    2008-10-16 12:38:34 ----A---- D:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 12:38:34 ----A---- D:\WINDOWS\system32\advpack.dll
    2008-10-16 07:02:51 ----D---- D:\WINDOWS\Debug
    2008-10-16 05:11:09 ----A---- D:\WINDOWS\system32\ieudinit.exe
    2008-10-16 05:11:09 ----A---- D:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 08:34:24 ----A---- D:\WINDOWS\system32\netapi32.dll
    2008-10-14 23:04:53 ----A---- D:\WINDOWS\system32\ieakui.dll
    2008-10-11 10:09:10 ----RSD---- D:\WINDOWS\assembly
    2008-10-11 08:35:39 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-11 08:35:39 ----D---- C:\Program Files\Ad-Aware 2007
    2008-10-11 08:06:55 ----D---- C:\Program Files\Registry Back-up
    2008-10-11 07:57:01 ----D---- D:\WINDOWS\security
    2008-10-11 07:57:01 ----D---- D:\WINDOWS\_ISTMP1.DIR
    2008-10-11 07:57:01 ----AD---- D:\Program Files
    2008-10-11 07:56:50 ----D---- C:\Program Files\GAMES
    2008-10-11 07:46:10 ----D---- C:\Program Files\Revo Uninstaller
    2008-10-11 07:38:08 ----D---- D:\Program Files\Common Files\Intuit
    2008-10-03 02:02:42 ----A---- D:\WINDOWS\system32\strmdll.dll
    2008-10-02 22:58:38 ----D---- D:\Documents and Settings\John\Application Data\LimeWire
    2008-09-21 11:26:38 ----A---- D:\WINDOWS\hegames.ini
    2008-09-21 11:26:29 ----D---- D:\hegames
    2008-09-21 10:50:50 ----A---- D:\WINDOWS\encore_launcher.ini
    2008-09-13 06:27:27 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; D:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 intelppm;Intel Processor Driver; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 RCFOX;SonicWALL IPsec Driver; \??\D:\WINDOWS\system32\Drivers\RCFOX.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 nvcap;nVidia WDM Video Capture (universal); D:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-04-09 120780]
    R2 nvTUNEP;nVidia WDM TVTuner; D:\WINDOWS\System32\DRIVERS\nvtunep.sys [2003-04-09 20480]
    R2 nvtvSND;nVidia WDM TVAudio Crossbar; D:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2003-04-09 20224]
    R2 NVXBAR;nVidia WDM A/V Crossbar; D:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-04-09 13070]
    R3 aeaudio;aeaudio; D:\WINDOWS\system32\drivers\aeaudio.sys [2002-03-31 4816]
    R3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 DNE;Deterministic Network Enhancer Miniport; D:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-05-14 147236]
    R3 dot4;MS IEEE-1284.4 Driver; D:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
    R3 Dot4Print;Print Class Driver for IEEE-1284.4; D:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; D:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
    R3 dot4usb;Dot4USB Filter Dot4USB Filter; D:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
    R3 GEARAspiWDM;GEARAspiWDM; D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
    R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-17 1618939]
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); D:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2004-02-14 244096]
    R3 rcvpn;SonicWALL VPN Adapter; D:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; D:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 smwdm;smwdm; D:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]
    R3 SSLDrv;SSL-VPN NetExtender Adapter; D:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2006-08-28 17136]
    R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 WinDriver6;WinDriver6; D:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 MagicTune;MagicTune; D:\WINDOWS\system32\drivers\MTiCtwl.sys [2004-10-11 12062]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StillCam;Still Serial Digital Camera Driver; D:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
    S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usb_rndisx;USB RNDIS Adapter; D:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
    S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wceusbsh;Windows CE USB Serial Host Driver; D:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
    S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\AVAST Virus Protection\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Virus Protection\ashServ.exe [2008-11-26 155160]
    R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2006-08-28 240880]
    R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\AVAST Virus Protection\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\AVAST Virus Protection\ashWebSv.exe [2008-11-26 352920]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 138168]
    S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPod Service;iPod Service; C:\iPod\bin\iPodService.exe [2006-09-25 451136]
    S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RampartSvc;SonicWall VPN Client Service; D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2004-10-15 131072]
    S4 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2003-11-17 77824]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.04 2008-12-11 15:21:48

    ======Uninstall list======

    -->MsiExec.exe /I{CFB6DF29-69D7-4191-894E-C695BABD55B8}
    -->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
    -->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    102 Dalmatians Activity Center-->D:\WINDOWS\IsUninst.exe -fC:\PROGRA~2\DISNEY~1\DISNEY~1\DeIsL1.isu
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player-->D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Advanced SystemCare 3--> "C:\Program Files\Advanced SystemCare 3\unins000.exe "
    Age of Mythology - The Titans Expansion--> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
    Age of Mythology--> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    AusLogics Disk Defrag--> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe "
    avast! Antivirus-->C:\Program Files\AVAST Virus Protection\aswRunDll.exe "C:\Program Files\AVAST Virus Protection\Setup\setiface.dll ",RunSetup
    AXIS Media Control-->rundll32 "D:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll ",UninstallMe
    Backyard Soccer 2004-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEE7766E-C99F-4735-A42B-77924324F253}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Cole2k Media - Codec Pack (Advanced) 6.0.9-->D:\WINDOWS\system32\C2MP\Uninst.exe
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Computrainer-->D:\WINDOWS\st6unst.exe -n "D:\Program Files\ST6UNST.LOG"
    Coupon Printer for Windows--> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml "
    Disney's Dinosaur Activity Center-->D:\WINDOWS\IsUninst.exe -fD:\PROGRA~1\DISNEY~1\DINOSA~1\DeIsL5.isu
    Encompass-->MsiExec.exe /X{2D1421F3-0E2C-4989-A146-64090A48701F}
    EPSON Printer Software-->D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Eusing Free Registry Cleaner-->C:\PROGRA~2\EUSING~1\UNWISE.EXE C:\PROGRA~2\EUSING~1\INSTALL.LOG
    Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar4.dll "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    hp officejet g series-->D:\WINDOWS\system32\hpocon09.exe /u 1197912028 /d "hp officejet g series "
    Imaginext(TM) Battle Castle-->D:\Program Files\Common Files\Imaginext(TM)\Uninstall\CastleUn.exe
    iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java 2 Runtime Environment Standard Edition v1.3.1_10-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{68249B6E-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    JumpStart Parent Resource Center-->D:\WINDOWS\IsUninst.exe -fc:\PROGRA~2\games\JUMPST~1\PRC\DeIsL1.isu
    JumpStart Typing-->D:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSTypeUn.EXE
    Kid Pix Studio Deluxe-->D:\WINDOWS\TLCUninstall.exe -f "D:\Program Files\The Learning Company\Kid Pix Studio Deluxe\Uninstall.xml "
    LimeWire 4.18.8--> "C:\Program Files 2\LimeWire\uninstall.exe "
    Live Search Maps Add-In for Microsoft Office Outlook-->MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
    Loan Analyzer Comparator-->MsiExec.exe /I{6E0DC0CF-B594-43DD-AF09-16409CD8BAE9}
    LoanMagic v4-->C:\Program Files\Document Systems, Inc\LoanMagic\uninst.exe
    Logitech QuickCam-->MsiExec.exe /I{466B21EE-2858-4845-B2B3-056FC544DAA3}
    Logitech® Camera Driver--> "D:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Map Button (Windows Live Toolbar)-->MsiExec.exe /X{59932D51-F260-4EF6-A784-4F69659F1A62}
    MeridianLink Site Security Certificate-->C:\PROGRA~2\MERIDI~1\SITESE~1\UNWISE.EXE C:\PROGRA~2\MERIDI~1\SITESE~1\INSTALL.LOG
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\mscnc.inf, Uninstall
    Microsoft Data Access Components KB870669-->D:\WINDOWS\muninst.exe D:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs--> "D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\spchapi.inf, Uninstall
    Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\mslex.inf, Uninstall
    Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{684FD900-B874-4A02-90E1-E65305D72B6B}
    Microsoft Visual J# 2.0 Redistributable Package-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    MSN Money Toolbar Add-in-->MsiExec.exe /I{8DD01BB5-720A-4161-9A59-8450597FA9AC}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    Natural Color-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
    NotePadSync-->C:\Program Files\InstallShield Installation Information\{14A19F58-528A-4ACC-8723-F6854B39CACC}\setup.exe -runfromtemp -l0x0009 -removeonly
    NVIDIA Display Driver-->D:\WINDOWS\System32\nvudisp.exe Uninstall D:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
    NVIDIA WDM Drivers-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
    OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
    Pdf995-->c:\pdf995\setup.exe uninstall
    Photo Loader 2.3E-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
    Photohands 1.0E-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
    Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66034137-F1CE-4CEF-8180-46553C54DB18}
    Pop-up Excel Calendar 1.2.2--> "C:\Program Files\OFFICE-KIT.COM\Pop-up Excel Calendar\unins000.exe "
    QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
    Reader Rabbit's(R) Math Ages 6 - 9-->D:\Program Files\The Learning Company\Reader Rabbit's(R) Math Ages 6 - 9\uninstall.exe
    Revo Uninstaller 1.75-->C:\Program Files\Revo Uninstaller\uninst.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB928090)--> "D:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "D:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "D:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "D:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "D:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "D:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "D:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB958215)--> "D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB952069)--> "D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954600)--> "D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956802)--> "D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{1306C737-0AF4-46C7-B282-64E099304712}
    SonicWALL SSL-VPN NetExtender-->D:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
    Spybot - Search & Destroy 1.5.2.20--> "D:\WINDOWS\unins000.exe "
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    StatTrak for Baseball-->D:\WINDOWS\uninst.exe -f "c:\program files 2\DeIsL2.isu" -c "c:\program files 2\_ISREG32.DLL "
    Tarzan Action Game-->D:\WINDOWS\IsUninst.exe -fC:\PROGRA~2\DISNEY~1\TARZAN~1\DeIsL1.isu
    The Mystery of Veggie Island-->D:\WINDOWS\uninst.exe -fc:\PROGRA~2\games\VEGGIE~1\DeIsL1.isu
    Toy Story 2-->D:\WINDOWS\IsUninst.exe -fC:\PROGRA~2\DISNEY~1\TOYSTO~1\DeIsL1.isu
    Treasure Cove! CD-->D:\WINDOWS\IsUninst.exe -fc:\3133042c6699882c2c6a\Uninst\DeIsL1.isu
    Treo 750 User Guide-->MsiExec.exe /X{9E4F351C-60AC-43DC-A38B-5C5F05B6B015}
    U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
    Uninstall TONKA Monster Trucks-->D:\WINDOWS\IsUninst.exe -f "c:\program files\games\Uninst.isu "
    Update for Windows XP (KB955839)--> "D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe "
    WebEx-->D:\WINDOWS\DOWNLO~1\atcliun.exe
    Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{71CB529E-21A4-42AD-BF38-564F08988633}
    Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{D3F28364-8B10-45F1-8C2D-0037F4538BBB}
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{328420FA-7638-4AB1-81DF-E0FECEFF24E3}
    Windows Live Toolbar--> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
    Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
    Windows Media Format Runtime--> "D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10--> "D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
    Windows XP Service Pack 3--> "D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    Yahoo! Install Manager-->D:\WINDOWS\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->D:\PROGRA~1\xerox\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\xerox\MESSEN~1\INSTALL.LOG

    Hosts File Missing

    John
     
    Last edited: 2008/12/11
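Added example, not part of johnd1's post and not RSIT's own code: a small Python parser for the RSIT driver/service lines above. It decodes the R/S state letter and the 0-4 start type from the legend RSIT prints, reads the [date size] stamp after each image path, and surfaces the three things a helper scans such a listing for first: services set to Auto and currently running, entries where RSIT printed empty brackets (as on the IntelIde line; treating that as "image file not found" is an assumption about the tool's output), and images that live outside a Windows or Program Files directory. Because this machine boots Windows from D: and has Program Files on both C: and D:, the check matches on directory names rather than a fixed drive letter. The sample lines are a constructed excerpt of the listing; a hit such as C:\iPod\bin is a prompt to look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt mirroring the RSIT "List of drivers/services" lines in the
# post above (same fields and order; a handful of representative entries).
SAMPLE_LINES = """\
S3 USBSTOR;USB Mass Storage Driver; D:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; D:\\WINDOWS\\system32\\drivers\\IntelIde.sys []
R2 aawservice;Lavasoft Ad-Aware Service; C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe [2008-07-07 611664]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\AVAST Virus Protection\\ashServ.exe [2008-11-26 155160]
S3 iPod Service;iPod Service; C:\\iPod\\bin\\iPodService.exe [2006-09-25 451136]
"""

# Legend printed by RSIT: R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<description>; <image path> [<file date> <file size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    name: str
    description: str
    state: str
    start_type: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def binary_missing(self) -> bool:
        # Empty brackets, as on the IntelIde line: RSIT printed no date/size for the
        # image. Treating that as "file not found" is an assumption about the tool.
        return self.file_date is None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    return Entry(
        name=m.group("name"),
        description=m.group("desc"),
        state=STATE[m.group("state")],
        start_type=START[m.group("start")],
        path=m.group("path"),
        file_date=meta[0] if meta else None,
        file_size=int(meta[1]) if len(meta) > 1 else None,
    )


def parse_listing(text: str) -> list:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def outside_standard_dirs(entry: Entry) -> bool:
    # This machine boots Windows from D: and has Program Files on both C: and D:,
    # so match on directory names rather than on a fixed drive letter.
    p = entry.path.lower()
    return not any(marker in p for marker in ("\\windows\\", "\\program files\\"))


def triage(text: str) -> dict:
    """Summarise the points a reviewer of the listing checks first."""
    entries = parse_listing(text)
    return {
        "auto_start_running": [e.name for e in entries
                               if e.start_type == "Auto" and e.state == "Running"],
        "missing_binary": [e.name for e in entries if e.binary_missing],
        "outside_standard_dirs": [e.name for e in entries if outside_standard_dirs(e)],
    }


if __name__ == "__main__":
    for key, names in triage(SAMPLE_LINES).items():
        print(f"{key}: {names}")
```

Paste a full RSIT listing into SAMPLE_LINES (or read it from the saved log.txt) and the three lists come out in one pass; lines that are not service entries, such as the section headers, are simply skipped by the regex.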
  2. 2008/12/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi johnd1,

    Please open MBAM and select the Logs tab.
    Select a scan report then click View.
    Post its contents here.
    If there is more than 1 recent log, post them all.
     

  4. 2008/12/15
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    I opened MBAM and here is a copy of the content under the logs tab. THX!

    Log:
    Malwarebytes' Anti-Malware 1.31
    Database version: 1490
    Windows 5.1.2600 Service Pack 3

    12/11/2008 12:09:09 PM
    mbam-log-2008-12-11 (12-09-09).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 154692
    Time elapsed: 31 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 48

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP936\A0169743.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP936\A0170780.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP936\A0170801.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP936\A0170820.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP936\A0170829.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP938\A0170886.exe (Trojan.Agent) -> Delete on reboot.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP938\A0170954.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171162.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171184.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171188.dll (Trojan.FakeAlert) -> Delete on reboot.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171213.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171243.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171262.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171287.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171294.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP940\A0171326.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP941\A0171385.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP941\A0171438.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP941\A0171444.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP941\A0171475.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP942\A0171512.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP943\A0171718.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP943\A0171739.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP943\A0171750.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\RP943\A0171781.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN10.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN11.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN12.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN13.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN14.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN15.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN16.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN17.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN56.tmp (Rootkit.Agent) -> Delete on reboot.
    D:\WINDOWS\Temp\BN6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN8.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BN9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BNA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BNB.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BNC.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BND.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BNE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\Temp\BNF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

    12/15/08 Log-
    Malwarebytes' Anti-Malware 1.31
    Database version: 1501
    Windows 5.1.2600 Service Pack 3

    12/15/2008 8:39:14 AM
    mbam-log-2008-12-15 (08-39-14).txt

    Scan type: Quick Scan
    Objects scanned: 76063
    Time elapsed: 8 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited: 2008/12/15
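Added example, not part of johnd1's or noahdfear's posts and not Malwarebytes' own code: a Python parser for the MBAM log format posted above. It walks the "... Infected:" sections, splits each detection line into item, family and action, and separates two groups a reader of the log cares about: copies sitting inside System Restore snapshots (D:\System Volume Information\_restore{GUID}\RPnnn\, which are historical and would come back if that restore point were ever used) versus items that were live on the system at scan time (here the registry key under ...\Services\restore and the BN*.tmp drivers in D:\WINDOWS\Temp). It also lists "Delete on reboot" actions, which MBAM reports when a file could not be removed during the scan and was scheduled for removal at the next boot. The two logs are constructed excerpts of the 12/11 full scan and the clean 12/15 quick scan.

```python
import re
from collections import Counter

# Constructed excerpts of the two MBAM logs posted above (a few representative
# detection lines from the 12/11 full scan, and the clean 12/15 quick scan).
LOG_FULL_SCAN = """\
Malwarebytes' Anti-Malware 1.31
Database version: 1490
Scan type: Full Scan (C:\\|D:\\|)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
D:\\System Volume Information\\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\\RP936\\A0169743.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\\System Volume Information\\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\\RP938\\A0170886.exe (Trojan.Agent) -> Delete on reboot.
D:\\System Volume Information\\_restore{199ED1F7-3D91-45FA-9A73-DEEA5D550E51}\\RP940\\A0171188.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\\WINDOWS\\Temp\\BN10.tmp (Rootkit.Agent) -> Delete on reboot.
D:\\WINDOWS\\Temp\\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

LOG_QUICK_SCAN = """\
Malwarebytes' Anti-Malware 1.31
Database version: 1501
Scan type: Quick Scan

Files Infected:
(No malicious items detected)
"""

# "Files Infected:" starts a section; "Files Infected: 48" in the summary block does not.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# <item> (<family>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# System Restore snapshot copies: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


def parse_mbam_log(text: str) -> list:
    """Return one dict per detection line, tagged with the section it came from."""
    section = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        action = m.group("action")
        detections.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "action": action,
            "in_restore_point": bool(RESTORE_POINT_RE.search(m.group("item"))),
            # MBAM reports "Delete on reboot" when it could not remove the file
            # during the scan (typically because it was in use) and scheduled it.
            "pending_reboot": action.lower().startswith("delete on reboot"),
        })
    return detections


def triage(text: str) -> dict:
    dets = parse_mbam_log(text)
    return {
        "total": len(dets),
        "by_family": dict(Counter(d["family"] for d in dets)),
        # Copies inside restore points are historical; the rest were live at scan time.
        "restore_point_copies": sum(1 for d in dets if d["in_restore_point"]),
        "live_items": [d["item"] for d in dets if not d["in_restore_point"]],
        "pending_reboot": [d["item"] for d in dets if d["pending_reboot"]],
        # A key under ...\Services\ registers a service or driver for loading at boot.
        "service_keys": [d["item"] for d in dets
                         if d["section"].startswith("Registry Keys")
                         and "\\services\\" in d["item"].lower()],
    }


if __name__ == "__main__":
    for label, log in (("12/11 full scan", LOG_FULL_SCAN), ("12/15 quick scan", LOG_QUICK_SCAN)):
        print(label, triage(log))
```

Run against the full mbam-log-*.txt files and the live_items list is what to follow up on (a Services key plus drivers loading from a Temp directory is the pairing to take seriously); the restore_point_copies count is the reason helpers usually have System Restore flushed once a machine is confirmed clean.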
  5. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks!

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  6. 2008/12/16
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Hi Noah, here is the log you requested. I tried to turn off TeaTimer, I think I did it correctly. Thanks again for taking the time!!!

    ComboFix 08-12-15.08 - John 2008-12-16 8:57:53.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.265 [GMT -8:00]
    Running from: d:\documents and settings\John\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
    .

    2008-12-15 12:41 . 2008-12-15 12:41 <DIR> d-------- d:\documents and settings\John\Application Data\GlarySoft
    2008-12-15 12:25 . 2008-12-15 12:31 <DIR> d-------- c:\program files\Glary Utilities
    2008-12-15 11:09 . 2008-12-15 11:21 959 -rah----- d:\windows\EPMBatch.ept
    2008-12-11 18:06 . 2008-12-11 18:06 <DIR> d-------- c:\program files\Partition Manager 3.0 Home Edition EASEUS
    2008-12-11 14:56 . 2008-12-11 15:21 <DIR> d-------- D:\rsit
    2008-12-11 14:56 . 2008-12-11 15:21 <DIR> d-------- c:\program files\trend micro
    2008-12-11 11:33 . 2008-12-11 11:33 <DIR> d-------- d:\documents and settings\John\Application Data\Malwarebytes
    2008-12-11 11:33 . 2008-12-11 11:33 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-11 11:33 . 2008-12-11 11:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-11 11:33 . 2008-12-03 19:52 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-11 11:33 . 2008-12-03 19:52 15,504 --a------ d:\windows\system32\drivers\mbam.sys
    2008-12-11 07:21 . 2008-12-11 07:21 287 --a------ d:\windows\system32\MRT.INI
    2008-12-10 11:14 . 2008-10-03 02:02 247,326 -----c--- d:\windows\system32\dllcache\strmdll.dll
    2008-12-08 02:32 . 2008-12-08 09:56 <DIR> d-------- d:\documents and settings\John\Application Data\IObit
    2008-12-08 02:32 . 2008-12-16 07:07 <DIR> d-------- c:\program files\Advanced SystemCare 3
    2008-12-08 02:14 . 2008-12-08 02:14 <DIR> d-------- d:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-12-07 20:33 . 2008-12-07 20:33 54,156 --ah----- d:\windows\QTFont.qfn
    2008-12-07 20:33 . 2008-12-07 20:33 1,409 --a------ d:\windows\QTFont.for
    2008-12-05 09:25 . 2008-12-11 07:21 32,768 --a------ d:\windows\system32\drivers\ati4gbxx.sys
    2008-11-16 08:07 . 2008-11-16 08:07 <DIR> d-------- d:\documents and settings\John\Application Data\Snapfish

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 16:30 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-16 14:38 --------- d-----w c:\program files\AVAST Virus Protection
    2008-12-15 20:46 --------- d-----w c:\program files\Registry Back-up
    2008-12-14 23:32 11,376 ----a-w d:\windows\system32\drivers\secdrv.sys
    2008-12-11 16:45 --------- d-----w c:\program files\HIJACKTHIS (SPYWARE REMOVAL)
    2008-12-10 22:10 --------- d-----w d:\documents and settings\All Users\Application Data\pdf995
    2008-12-08 09:22 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-27 16:51 225,280 ----a-w d:\windows\system32\BootMan.exe
    2008-11-26 23:58 472,064 ----a-w d:\windows\system32\NTFSFormat.dll
    2008-11-26 23:55 65,536 ----a-w d:\windows\system32\FatCopy.dll
    2008-11-26 23:54 17,920 ----a-w d:\windows\system32\SectorCopy.dll
    2008-11-26 23:54 139,776 ----a-w d:\windows\system32\NTFSCopy.dll
    2008-11-26 23:52 86,016 ----a-w d:\windows\system32\ResizeNTFS.dll
    2008-11-26 23:51 93,184 ----a-w d:\windows\system32\Partition.dll
    2008-11-26 23:51 61,952 ----a-w d:\windows\system32\FatResizeMove.dll
    2008-11-26 23:51 45,568 ----a-w d:\windows\system32\FileSystemCheck.dll
    2008-11-26 23:50 180,736 ----a-w d:\windows\system32\DeviceManager.dll
    2008-11-26 23:49 86,528 ----a-w d:\windows\system32\NTFSLib.dll
    2008-11-26 23:49 31,744 ----a-w d:\windows\system32\FatLib.dll
    2008-11-26 23:49 22,016 ----a-w d:\windows\system32\FatFormat.dll
    2008-11-26 23:48 68,096 ----a-w d:\windows\system32\Device.dll
    2008-11-26 23:48 6,656 ----a-w d:\windows\system32\CallbackOperator.dll
    2008-11-26 23:48 24,576 ----a-w d:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 23:48 21,504 ----a-w d:\windows\system32\Fixup.dll
    2008-11-26 23:48 14,848 ----a-w d:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 23:48 10,752 ----a-w d:\windows\system32\DeviceAdapter.dll
    2008-11-26 23:47 25,088 ----a-w d:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-26 01:18 86,408 ----a-w d:\windows\system32\setupempdrv03.exe
    2008-11-26 01:18 8,704 ----a-w d:\windows\system32\epmntdrv.sys
    2008-11-26 01:18 3,072 ----a-w d:\windows\system32\EuGdiDrv.sys
    2008-11-26 01:18 14,848 ----a-w d:\windows\system32\EuEpmGdi.dll
    2008-11-20 18:50 --------- d-----w c:\program files\Encompass
    2008-11-17 18:28 --------- d-----w d:\documents and settings\John\Application Data\WebEx
    2008-11-16 05:54 --------- d-----w d:\documents and settings\Robin\Application Data\Snapfish
    2008-11-12 18:57 --------- d-----w c:\program files\MSXML 4.0
    2008-10-28 22:06 --------- d-----w d:\documents and settings\Robin\Application Data\AdobeAUM
    2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w d:\windows\system32\gdi32.dll
    2008-10-22 04:45 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-20 17:03 --------- d-----w d:\documents and settings\All Users\Application Data\Apple
    2008-10-16 22:13 202,776 ----a-w d:\windows\system32\wuweb.dll
    2008-10-16 22:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
    2008-10-16 22:12 561,688 ----a-w d:\windows\system32\wuapi.dll
    2008-10-16 22:12 323,608 ----a-w d:\windows\system32\wucltui.dll
    2008-10-16 22:09 92,696 ----a-w d:\windows\system32\cdm.dll
    2008-10-16 22:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
    2008-10-16 22:09 43,544 ----a-w d:\windows\system32\wups2.dll
    2008-10-16 22:08 34,328 ----a-w d:\windows\system32\wups.dll
    2008-10-16 22:06 268,648 ----a-w d:\windows\system32\mucltui.dll
    2008-10-16 22:06 208,744 ----a-w d:\windows\system32\muweb.dll
    2008-10-16 20:38 826,368 ----a-w d:\windows\system32\wininet.dll
    2008-10-03 10:02 247,326 ----a-w d:\windows\system32\strmdll.dll
    2008-10-01 00:43 1,286,152 ----a-w d:\windows\system32\msxml4.dll
    2008-09-14 16:05 69,896 ----a-w d:\documents and settings\Robin\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-12 19:38 69,896 ----a-w d:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-24 04:28 392,598 ----a-w c:\program files\Backyard Basketball 2004.log
    2008-05-24 04:28 387 ----a-w c:\program files\coaches.dic
    2008-05-24 04:28 256,420 ----a-w c:\program files\JT.chf
    2008-05-24 04:28 22 ----a-w c:\program files\count.txt
    2008-05-24 04:28 17,809 ----a-w c:\program files\game_options.dat
    2008-05-24 04:26 1,837 ----a-w c:\program files\JT_JACK DERHAM.cust
    2008-05-24 04:03 248,303 ----a-w c:\program files\JC.chf
    2008-05-24 04:03 1,828 ----a-w c:\program files\JC_JACK DERHAM.cust
    2008-05-24 03:59 230,864 ----a-w c:\program files\CJ.chf
    2008-05-24 03:59 1,853 ----a-w c:\program files\CJ_JACK DERHAM.cust
    2008-05-24 03:59 1,845 ----a-w c:\program files\CJ_JUSTIN FREIDMAN.cust
    2008-05-01 15:09 56,912 ----a-w d:\documents and settings\John\g2mdlhlpx.exe
    2008-04-01 23:45 231,815 ----a-w c:\program files\JD.chf
    2008-04-01 23:29 1,999 ----a-w c:\program files\JD_JACK DERHAM.cust
    2008-01-01 06:22 48,911 ----a-w c:\program files\errorlog.txt
    2008-01-01 06:14 236,541 ----a-w c:\program files\PHILL.chf
    2008-01-01 06:14 225,665 ----a-w c:\program files\BROJE.chf
    2008-01-01 06:12 232,538 ----a-w c:\program files\BP'S TEAM.chf
    2008-01-01 05:54 1,861 ----a-w c:\program files\BROJE_brett derham.cust
    2008-01-01 05:52 1,838 ----a-w c:\program files\BROJE_cole de flores.cust
    2007-06-28 23:26 1,864 ----a-w c:\program files\BP'S TEAM_BRETT DERHAM.cust
    2007-06-28 00:09 1,836 ----a-w c:\program files\CJ_BRETT DERHAM.cust
    2007-06-28 00:07 1,836 ----a-w c:\program files\CJ_COLE DEFLORES.cust
    2007-06-27 23:48 248,064 ----a-w c:\program files\BOB.chf
    2007-04-03 23:53 1,859 ----a-w c:\program files\BP'S TEAM_PHILLIP SPANFELNER.cust
    2007-01-03 22:47 235,273 ----a-w c:\program files\RX.chf
    2006-11-17 16:18 433,192 ----a-w c:\program files\msgr8us.exe
    2006-09-04 16:30 408 ----a-w c:\program files\patchlog.txt
    2006-06-01 02:21 350,088 ----a-w c:\program files\screenshot000.png
    2003-09-03 21:50 1,223,360 ----a-w c:\program files\basketball2004.exe
    2003-09-03 18:54 291,589,522 ------w c:\program files\bitties.he
    2003-09-03 18:43 8,284,513 ------w c:\program files\menus.he
    2003-09-03 18:43 1,118,695 ------w c:\program files\data.he
    2003-08-29 22:26 19,738,616 ------w c:\program files\characters.he
    2003-08-28 00:44 2,450,064 ------w c:\program files\clubhouse_backgrounds.he
    2003-08-27 16:51 679,936 ------w c:\program files\yagagraphics.dll
    2003-08-25 23:34 176,128 ------w c:\program files\yagaevents.dll
    2003-08-25 18:59 39,773,842 ------w c:\program files\sfx.he
    2003-08-25 18:59 368,394 ------w c:\program files\team_photo.he
    2003-08-25 18:59 3,357 ------w c:\program files\source.he
    2003-08-25 18:59 2,873,479 ------w c:\program files\outro.he
    2003-08-25 18:58 61,861,354 ------w c:\program files\music.he
    2003-08-25 18:58 4,930 ------w c:\program files\extra.he
    2003-08-25 18:58 34,633 ------w c:\program files\cursors.he
    2003-08-25 18:58 20,238,461 ------w c:\program files\fields.he
    2001-08-23 12:00 94,784 -csh--w d:\windows\twain.dll
    2008-04-14 00:12 50,688 --sh--w d:\windows\twain_32.dll
    2005-01-17 09:53 3,547 --sha-w d:\windows\system32\mdxvq.dat
    2008-04-14 00:11 1,028,096 --sh--w d:\windows\system32\mfc42.dll
    2008-04-14 00:12 57,344 --sh--w d:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413,696 --sha-w d:\windows\system32\msvcp60.dll
    2008-04-14 00:12 343,040 --sha-w d:\windows\system32\msvcrt.dll
    2005-02-17 15:17 475 --sh--w d:\windows\system32\niwijqwe.dll
    2008-04-14 00:12 551,936 --sh--w d:\windows\system32\oleaut32.dll
    2008-04-14 00:12 84,992 --sha-w d:\windows\system32\olepro32.dll
    2008-04-14 00:12 11,776 --sh--w d:\windows\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 68856]
    "H/PC Connection Agent"= "c:\program files\ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Advanced SystemCare 3"= "c:\program files\Advanced SystemCare 3\AWC.exe" [2008-11-26 2235920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]

    d:\documents and settings\Robin\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2006-08-08 225280]
    PowerReg Scheduler.exe [2006-10-13 256000]

    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm
    "MSACM.CEGSM"= mobilev.acm
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4gbxx.sys]
    @= "Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-24 02:24 282624 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "d:\\WINDOWS\\system32\\sessmgr.exe"=
    "d:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
    "d:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Logitech\\Video\\Launcher.exe"=
    "d:\\Program Files\\xerox\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\xerox\\Messenger\\YServer.exe"=
    "c:\\Program Files 2\\LimeWire\\LimeWire.exe"=
    "c:\program files\ActiveSync\rapimgr.exe"= c:\program files\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\ActiveSync\wcescomm.exe"= c:\program files\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\ActiveSync\WCESMgr.exe"= c:\program files\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "5100:TCP"= 5100:TCP:127.0.0.1
    "5050:TCP"= 5050:TCP:messanger
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 0 (0x0)

    R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-04-25 111184]
    R1 RCFOX;SonicWALL IPsec Driver;\??\d:\windows\system32\Drivers\RCFOX.sys [2006-07-13 91136]
    R2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-25 20560]
    R2 nvTUNEP;nVidia WDM TVTuner;d:\windows\system32\DRIVERS\nvtunep.sys [2004-03-01 20480]
    R2 nvtvSND;nVidia WDM TVAudio Crossbar;d:\windows\system32\DRIVERS\nvtvsnd.sys [2004-03-01 20224]
    R3 rcvpn;SonicWALL VPN Adapter;d:\windows\system32\DRIVERS\rcvpn.sys [2006-07-13 23180]
    R3 SSLDrv;SSL-VPN NetExtender Adapter;d:\windows\system32\DRIVERS\SSLDrv.sys [2006-08-28 17136]
    S0 ati4gbxx;ati4gbxx;d:\windows\system32\Drivers\ati4gbxx.sys [2008-12-05 32768]
    S3 epmntdrv;epmntdrv;\??\d:\windows\system32\epmntdrv.sys [2008-12-11 8704]
    S3 EuGdiDrv;EuGdiDrv;\??\d:\windows\system32\EuGdiDrv.sys [2008-12-11 3072]

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-10 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-16 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

    2008-12-16 d:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]

    2008-04-29 d:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]

    2008-12-16 d:\windows\Tasks\User_Feed_Synchronization-{83F4F7A1-000B-4D4D-A342-6C1D0F7FD3AE}.job
    - d:\windows\system32\msfeedssync.exe [2007-08-13 18:36]

    2007-03-09 d:\windows\Tasks\WorkCenter LOS Sync.job
    - c:\program files\WorkCenter\WorkCenter.exe []

    2007-03-09 d:\windows\Tasks\WorkCenter Schedule Sync.job
    - c:\program files\WorkCenter\WorkCenter.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-enmhytg - enmhytg.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.linkedin.com/home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: *.frame.crazywinnings.com

    d:\windows\Downloaded Program Files\ntractivex118.dll - O16 -: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}
    hxxp://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab
    d:\windows\Downloaded Program Files\ntractivex118.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-16 09:00:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(628)
    d:\windows\system32\NTDSAPI.dll
    .
    Completion time: 2008-12-16 9:02:07
    ComboFix-quarantined-files.txt 2008-12-16 17:02:05

    Pre-Run: 20,245,082,112 bytes free
    Post-Run: 20,585,504,768 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    268 --- E O F --- 2008-12-11 15:22:02
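A triage pass over the ComboFix log above, as an added example that is not part of johnd1's post and not a ComboFix or HijackThis component: it parses the file listing, the GloballyOpenPorts firewall key and the Trusted Zone line and pulls out what a reviewer checks first. The sample input is constructed from a handful of lines copied from the log. Two things are assumptions rather than documented behaviour: that ComboFix prints the firewall values without the `*:Enabled:` scope tokens the registry stores (so an entry whose third field is a `@dll,-id` resource string has no remote-address restriction), which is read off the visible entries; and that hidden+system files dated off the service-pack stamp deserve a look, which is a heuristic, not a verdict. The forum rendered the `:@` in the firewall lines as the `:mad:` smiley, so the parser also undoes that.

```python
"""Triage of a ComboFix-style log (added example; not part of the thread's
post and not a ComboFix/HijackThis component). It pulls out what a reviewer
of the log above checks first: firewall ports open to any remote address,
IE Trusted Zone wildcards, and hidden+system files dated off the OS stamp."""
import re
from collections import Counter

# Constructed sample: lines copied from the log above. The forum rendered the
# ':@' resource-string prefix of the firewall lines as the ':mad:' smiley; one
# line is kept that way so normalize() is exercised.
SAMPLE_LOG = r"""
2001-08-23 12:00 94,784 -csh--w d:\windows\twain.dll
2005-01-17 09:53 3,547 --sha-w d:\windows\system32\mdxvq.dat
2008-04-14 00:11 1,028,096 --sh--w d:\windows\system32\mfc42.dll
2008-04-14 00:12 343,040 --sha-w d:\windows\system32\msvcrt.dll
2005-02-17 15:17 475 --sh--w d:\windows\system32\niwijqwe.dll
2008-04-14 00:12 11,776 --sh--w d:\windows\system32\regsvr32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"5100:TCP"= 5100:TCP:127.0.0.1
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

Trusted Zone: *.frame.crazywinnings.com
"""

KNOWN_PORTS = {3389: "RDP", 1723: "PPTP", 500: "IKE", 1701: "L2TP"}
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)\s*"\s*=\s*\d+:(?:TCP|UDP):(.*)$')
ADDR_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?:/\S+)?$|^LocalSubnet$", re.I)
ZONE_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
# "<date> <time> <size> <7 attribute flags> <path>" as printed by ComboFix.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} [\d,]+ ([-a-z]{7}) (.+)$")


def normalize(line: str) -> str:
    """Undo the forum smiley substitution: ':@' was rendered as ':mad:'."""
    return line.replace(":mad:", ":@")


def open_ports(log: str) -> list[dict]:
    """Parse GloballyOpenPorts entries.

    Assumption drawn from the visible entries: ComboFix drops the '*:Enabled:'
    tokens the registry stores, so the field after the protocol is either a
    remote scope (address, subnet, LocalSubnet) or just the display name
    (often a '@dll,-id' resource string), meaning any remote address.
    """
    found = []
    for raw in log.splitlines():
        m = PORT_RE.match(normalize(raw.strip()))
        if m:
            port, proto, rest = m.groups()
            scope = rest.split(":")[0]
            restricted = bool(ADDR_RE.match(scope))
            found.append({"port": int(port), "proto": proto,
                          "scope": scope if restricted else "*",
                          "restricted": restricted})
    return found


def trusted_zones(log: str) -> list[dict]:
    """Trusted Zone entries; a leading '*.' covers every subdomain."""
    hits = [ZONE_RE.match(raw.strip()) for raw in log.splitlines()]
    return [{"host": m.group(1), "wildcard": m.group(1).startswith("*.")}
            for m in hits if m]


def hidden_system_outliers(log: str) -> list[str]:
    """Hidden+system files whose date is not the dominant date of that group.

    Attribute flags read d c s h a r w (dir, compressed, system, hidden,
    archive, read-only, writable); hidden+system OS files mostly carry the
    install or service-pack stamp (2008-04-14 for XP SP3). A heuristic only.
    """
    entries = []
    for raw in log.splitlines():
        m = FILE_RE.match(raw.strip())
        if m and m.group(2)[2] == "s" and m.group(2)[3] == "h":
            entries.append((m.group(1), m.group(3)))
    if not entries:
        return []
    dominant = Counter(date for date, _ in entries).most_common(1)[0][0]
    return [path for date, path in entries if date != dominant]


def report(log: str) -> dict:
    """The findings a reviewer would raise from the log."""
    return {
        "open_to_any": [f"{p['port']}/{p['proto']} ({KNOWN_PORTS.get(p['port'], '?')})"
                        for p in open_ports(log) if not p["restricted"]],
        "wildcard_trusted_zones": [z["host"] for z in trusted_zones(log) if z["wildcard"]],
        "hidden_system_outliers": hidden_system_outliers(log),
    }


if __name__ == "__main__":
    for heading, items in report(SAMPLE_LOG).items():
        print(heading, *items, sep="\n    ")
```

Run against the sample it reports 3389/TCP (RDP) and 500/UDP (IKE) as open to any remote address, the *.frame.crazywinnings.com wildcard that noahdfear has removed with HijackThis further down the thread, and three hidden+system files off the SP3 stamp. Of those, twain.dll carries the XP RTM date (2001-08-23) and is dismissed on sight, which is why the date check is a review aid rather than a detection; mdxvq.dat and niwijqwe.dll, with random-looking names and 2005 dates, are the two to look up.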
     
  7. 2008/12/17
    noahdfear

    Is there any improvement in behavior?

    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  8. 2008/12/17
    johnd1

    Hi Noah, yes, it is performing much better since we ran the two removal applications noted above. The browser and the PC aren't freezing up anymore. The browser is still pretty slow to open when I click on the icon. Is this because I have the Google toolbar with various icons (dictionary, MapQuest, Google Maps, Gmail) loading? I also noticed this
    (Trusted Zone: *.frame.crazywinnings.com) in the above log. Is this gone? Does it have any impact on performance? Do you see any applications running at startup that I don't necessarily need? It seems like a lot of stuff is loading, but I don't know how or what to disable, if anything.
    Here is the Kaspersky log. Thanks again Noah, much appreciated!!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, December 17, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, December 17, 2008 12:59:56
    Records in database: 1468877
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 85673
    Threat name: 7
    Infected objects: 11
    Suspicious objects: 0
    Duration of the scan: 01:32:27


    File name / Threat name / Threats count
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: Trojan.Java.ClassLoader.k 1
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: Trojan-Downloader.Java.OpenStream.c 1
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: not-a-virus:AdWare.Win32.BiSpy.f 2
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: not-a-virus:AdWare.Win32.BiSpy.m 2
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: not-a-virus:AdWare.Win32.HelpExpress 2
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: not-a-virus:AdWare.Win32.404Search.i 2
    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf Infected: Exploit.HTML.Mht 1
     
    Last edited: 2008/12/17
  9. 2008/12/18
    noahdfear

    Scan with HijackThis and place a check next to the following entries.

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

    Close all other open windows then click Fix Checked. Exit HijackThis when done.

    You've got some infected files in the following backup.

    C:\BACKUPS TO DISK\Backup personal settings and files 11.07.04.bkf

    If that's something you can delete and create a new backup, I'd certainly recommend doing so.


    Let's get ComboFix uninstalled. Click Start>Run and type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    Delete RSIT.exe and the C:\rsit folder.


    The Google toolbar may be a problem. Try disabling it to see if there's any improvement.
     
