[Inactive] Windows Vista SP2 possible malware?

flash4203 · Jan 31, 2012

as i was helped so much on my laptop i am getting parents PC looked at
its a HP Pavillian a6325.uk

here are the logs

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.30.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: VALRORIK-PC [administrator]

Protection: Enabled

31/01/2012 01:47:22
mbam-log-2012-01-31 (01-47-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343226
Time elapsed: 1 hour(s), 11 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-31 04:53:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.12.0
Running: 1u6gwtk6.exe; Driver: C:\Users\User\AppData\Local\Temp\ufldqkob.sys

---- System - GMER 1.0.15 ----

SSDT 89CB3C30 ZwAlertResumeThread
SSDT 89CB3D10 ZwAlertThread
SSDT 89CE9640 ZwAllocateVirtualMemory
SSDT 89B32930 ZwAlpcConnectPort
SSDT 89CBE8F0 ZwAssignProcessToJobObject
SSDT 89CBEE58 ZwCreateMutant
SSDT 89CE8CE8 ZwCreateSymbolicLinkObject
SSDT 89CE5C68 ZwCreateThread
SSDT 89CBE990 ZwDebugActiveProcess
SSDT 89CE5990 ZwDuplicateObject
SSDT 89CE9460 ZwFreeVirtualMemory
SSDT 89CBEF48 ZwImpersonateAnonymousToken
SSDT 89CB3B50 ZwImpersonateThread
SSDT 89B93A18 ZwLoadDriver
SSDT 89CBFF28 ZwMapViewOfSection
SSDT 89CBED78 ZwOpenEvent
SSDT 89CE5B50 ZwOpenProcess
SSDT 89CE9730 ZwOpenProcessToken
SSDT 89CBEBB8 ZwOpenSection
SSDT 89CE5A80 ZwOpenThread
SSDT 89CE8ED8 ZwProtectVirtualMemory
SSDT 89CB3DF0 ZwResumeThread
SSDT 89CBFC78 ZwSetContextThread
SSDT 89CBFD58 ZwSetInformationProcess
SSDT 89CBEA70 ZwSetSystemInformation
SSDT 89CBEC98 ZwSuspendProcess
SSDT 89CB3ED0 ZwSuspendThread
SSDT 89CC4E10 ZwTerminateProcess
SSDT 89CB3F90 ZwTerminateThread
SSDT 89CBFE48 ZwUnmapViewOfSection
SSDT 89CE9550 ZwWriteVirtualMemory
SSDT 89CE8DD8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82AB48A0 8 Bytes [30, 3C, CB, 89, 10, 3D, CB, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82AB48B4 4 Bytes [40, 96, CE, 89]
.text ntkrnlpa.exe!KeSetEvent + 13D 82AB48C0 4 Bytes [30, 29, B3, 89] {XOR [ECX], CH; MOV BL, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 191 82AB4914 4 Bytes CALL D5C7D2E4
.text ntkrnlpa.exe!KeSetEvent + 1F5 82AB4978 4 Bytes [58, EE, CB, 89]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!EnableWindow 7755CD8B 5 Bytes JMP 6C689A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamW 775810B0 5 Bytes JMP 6C5E170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamW 77582EF5 5 Bytes JMP 6C7D62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamA 77598152 5 Bytes JMP 6C7D6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamA 7759847D 5 Bytes JMP 6C7D6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectA 775AD4D9 5 Bytes JMP 6C7D61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectW 775AD5D3 5 Bytes JMP 6C7D6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExA 775AD639 5 Bytes JMP 6C7D6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExW 775AD65D 5 Bytes JMP 6C7D609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ntdll.dll!NtMapViewOfSection 77724994 5 Bytes JMP 044C003A
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ntdll.dll!NtSetInformationProcess 77725194 5 Bytes JMP 044C00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!ReadProcessMemory + 3E 75F11CB3 7 Bytes JMP 044C01B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!WriteProcessMemory + 106 75F11DBE 7 Bytes JMP 044C03D2
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!CreateIoCompletionPort + 52 75F39DA6 7 Bytes JMP 044C0488
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!VirtualAllocEx + 54 75F5AF70 7 Bytes JMP 044C031C
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!CreateThread 75F5CB2E 5 Bytes JMP 6C647303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!GetProcessHandleCount + 35 75FA5D4F 7 Bytes JMP 044C0266
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamW 775572A2 5 Bytes JMP 6C7D6628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!GetAsyncKeyState 7755863C 5 Bytes JMP 6C62DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetWindowsHookExW 775587AD 5 Bytes JMP 6C682194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CallNextHookEx 77558E3B 5 Bytes JMP 6C6A7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!UnhookWindowsHookEx 775598DB 5 Bytes JMP 6C6CEB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!EnableWindow 7755CD8B 5 Bytes JMP 6C689A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DefWindowProcA 7755DB88 7 Bytes JMP 6C64952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateWindowExA 7755DC2A 5 Bytes JMP 6C653363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateWindowExW 77561305 5 Bytes JMP 6C6AFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!GetKeyState 77568CB1 5 Bytes JMP 6C62DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DefWindowProcW 775703B4 7 Bytes JMP 6C6A7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessageW 77570745 5 Bytes JMP 6C7D6D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamA 775717AA 5 Bytes JMP 6C7D65F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessage 77571847 2 Bytes JMP 6C7D6D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessage + 3 7757184A 2 Bytes [26, F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogIndirectParamA 775726F1 5 Bytes JMP 6C7D6660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogIndirectParamW 77579A62 5 Bytes JMP 6C7D6698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetKeyboardState 77580987 5 Bytes JMP 6C7D7649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamW 775810B0 5 Bytes JMP 6C5E170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamW 77582EF5 5 Bytes JMP 6C7D62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SendInput 77582F75 5 Bytes JMP 6C7D75F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!EndDialog 7758326E 5 Bytes JMP 6C7D702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetCursorPos 77596FB2 5 Bytes JMP 6C7D76CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamA 77598152 5 Bytes JMP 6C7D6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamA 7759847D 5 Bytes JMP 6C7D6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectA 775AD4D9 5 Bytes JMP 6C7D61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectW 775AD5D3 5 Bytes JMP 6C7D6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExA 775AD639 5 Bytes JMP 6C7D6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExW 775AD65D 5 Bytes JMP 6C7D609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!keybd_event 775AD972 5 Bytes JMP 6C7D75AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] SHELL32.dll!SHRestricted + D95 762B89A8 4 Bytes [CF, 01, BC, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] SHELL32.dll!SHRestricted + D9D 762B89B0 8 Bytes [E0, 61, BB, 6D, 79, F7, BB, ...] {LOOPNZ 0x63; MOV EBX, 0xbbf7796d; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!OleLoadFromStream 77421E80 5 Bytes JMP 6C7D6A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!CoGetTreatAsClass + D2F 7743FAE3 7 Bytes JMP 044C053E
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!CoCreateInstance + 3E 77459F7C 7 Bytes JMP 044C05F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!closesocket 76DB330C 5 Bytes JMP 66AA41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!recv 76DB343A 5 Bytes JMP 66AA4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!socket 76DB36D1 5 Bytes JMP 66AA354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!connect 76DB40D9 5 Bytes JMP 66AA35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!getaddrinfo 76DB418A 5 Bytes JMP 66AA3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!send 76DB659B 5 Bytes JMP 66AA3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

flash4203 · Jan 31, 2012

Edit: Excess GMER entries reviewed and removed by Bobbye.

flash4203 · Jan 31, 2012

Edit: Excess GMER entries reviewed and removed by Bobbye.

---- EOF - GMER 1.0.15 ----

flash4203 · Jan 31, 2012

AND NOW DDS

dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by User at 12:54:09 on 2012-01-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1699 [GMT 0:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB7E66FC-61F6-4457-B99A-C483DF5DED1A} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\tzu18q8h.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-22 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-22 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-23 820344]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120128.002\IDSvix86.sys [2012-1-31 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-22 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-22 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-24 21504]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-25 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-22 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-21 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2002-1-1 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-25 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-1-24 139880]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-13 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-13 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-13 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-13 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-13 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
.
=============== Created Last 30 ================
.
2012-01-31 00:38:34 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-31 00:38:32 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-31 00:38:32 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-31 00:38:32 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-31 00:38:32 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-31 00:38:31 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-01-31 00:38:31 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-01-31 00:34:58 -------- d-----w- c:\users\user\appdata\local\Mozilla
2012-01-26 07:53:56 -------- d-----w- c:\program files\iPod
2012-01-24 01:58:07 -------- d-----w- c:\users\user\appdata\local\Hewlett-Packard
2012-01-24 01:43:36 -------- d-----w- c:\programdata\PC-Doctor
2012-01-24 01:43:20 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-01-24 01:42:11 -------- d-----w- c:\program files\PC-Doctor for Windows
2012-01-24 01:42:07 -------- d-----w- C:\hp
2012-01-24 01:39:34 -------- d-----w- c:\users\user\appdata\roaming\HpUpdate
2012-01-24 01:39:33 -------- d-----w- c:\windows\Hewlett-Packard
2012-01-24 00:16:19 -------- d-----w- c:\users\user\appdata\local\NVIDIA Corporation
2012-01-13 15:12:40 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-01-13 15:12:08 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-01-13 15:11:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-01-13 15:11:16 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-01-13 15:10:57 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-01-13 15:10:50 892928 ----a-w- c:\windows\system32\iconv.dll
2012-01-13 15:10:50 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-01-13 15:10:49 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2012-01-13 15:10:48 -------- d-----w- c:\program files\Aimersoft
2012-01-11 16:22:53 -------- d-----w- c:\programdata\Audible
2012-01-11 16:15:53 -------- d-----w- c:\users\user\appdata\local\Audible
2012-01-11 16:10:02 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:10:02 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:10:01 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:09:59 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:09:57 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:09:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 16:09:55 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:09:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 09:36:07 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2012-01-10 09:36:02 499712 ------w- c:\windows\system32\msvcp71.dll
2012-01-10 09:36:02 24576 ------w- c:\windows\system32\msxml3a.dll
2012-01-10 09:36:02 1060864 ------w- c:\windows\system32\mfc71.dll
2012-01-10 09:35:33 -------- d-----w- c:\program files\Audible
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
2011-11-15 20:34:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:55:16.60 ===============

flash4203 · Jan 31, 2012

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/01/2002 21:09:13
System Uptime: 31/01/2012 12:45:28 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Benicia
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 347.944 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A6F103C&REV_02\4&5D52B92&0&00E2
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A6F103C&REV_02\4&5D52B92&0&00E2
Service: RTL8169
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Aimersoft DRM Media Converter(Build 1.4.7.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VideoSecurity Online
AudibleManager
Bejeweled Deluxe 1.861
Bonjour
BT Broadband Desktop Help
BTHomeHub
Business Contact Manager for Outlook 2007 SP2
CCleaner
D3DX10
Free RAR Extract Frog
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP My Display
HP Product Detection
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Money
Microsoft Money System Pack
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Norton 360
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.5.20
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PDF Viewer 0.1
Realtek High Definition Audio Driver
RuneScape Launcher 1.0.4
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Spybot - Search & Destroy
System Requirements Lab
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility
VCRedistSetup
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 12:47:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
31/01/2012 09:39:59, Error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
24/01/2012 01:28:06, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

Bobbye · Jan 31, 2012

Welcome back!

Please read all directions carefully: From GMER:
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

Please tell me what problems you're having that makes you suspect malware. The one entry removed in Malwarebytes was for:
{549B5CA7-4A86-11D7-A4DF-000874180BB3} (no name) (no file) Orphaned registry key installed by unidentified malware.

I see an entry showing "No File" that was for the AskToolbar.
=========================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.

If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.

File sharing programs should be uninstalled or disabled during the cleaning process..

Observe these:
[o] Don't follow directions given to someone else
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PMwith your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

flash4203 · Jan 31, 2012

The reason i asked is because this computer does not run as fast as it used to run, it is very laggy. so i was suspect!

and with GMER the show all check box is greyed out and not clickerble.

Bobbye · Jan 31, 2012

There are many reasons for a slow computer- malware is just one of them:

1. How many processes do you have on the Startup Menu?
2. How many processes are running in the Task Manager?
3. How much RAM is installed?
4. Do you have automatic updates set? How many?
5. Do you have Schedules Tasks set? How many? (Some may be for #4)
6. Do you have a regular maintenance schedule set to do the following:

Delete temporary internet files and Cookies.

Do a disc cleanup

Do a defrag

Run the Error Checking.

7.When was the last time you did the maintenance?
Note: These questions are meant to be helpful to you. Many users don't realize that these need to be done regularly to keep the system running well.
===========================================
We'll check further and see if we're missing anything:

To run the Eset Online Virus Scan:
If you use Internet Explorer:

Open the ESETOnlineScan

Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer

Open Eset Smart Installer
[o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
[o] Double click on the desktop icon to run.
[o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window

Continue with the directions.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives/

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

If prompted for Recovery Console, please allow.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.[/b]

Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]

Note: No query will be made if the Recovery Console is already on the system.

.Close/disable all anti virus and anti malware programs
(If you need help with this, please see HERE)

.Close any open browsers.

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

flash4203 · Jan 31, 2012

before we do the scans to answer your questions

1. How many processes do you have on the Startup Menu?
Not sure but when i click start its empty

2. How many processes are running in the Task Manager?
79 processes

3. How much RAM is installed?
3GB

4. Do you have automatic updates set? How many?
Are these Windows update? or other programes that update themselfs at system startup?

5. Do you have Schedules Tasks set? How many? (Some may be for #4)
this i believe should be for norton and windows update? if so both.

6. Do you have a regular maintenance schedule set to do the following:•Delete temporary internet files and Cookies.
these get done once or twice a week with Norton and CCleaner

•Do a disc cleanup
•Do a defrag - Done with norton360??
•Run the Error Checking.

7.When was the last time you did the maintenance? Weekly
Note: These questions are meant to be helpful to you. Many users don't realize that these need to be done regularly to keep the system running well.

Scans to follow.

ESET no threats

flash4203 · Jan 31, 2012

ComboFix 12-01-30.02 - User 31/01/2012 20:54:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1392 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL38D0.tmp
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 21:25 . 2012-01-31 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 21:25 . 2012-01-31 21:25 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-01-31 19:03 . 2012-01-31 19:03 -------- d-----w- c:\program files\ESET
2012-01-31 14:48 . 2012-01-31 14:48 -------- d-----w- c:\program files\Common Files\Java
2012-01-31 14:47 . 2012-01-31 14:47 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files\Ask.com
2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- C:\FIND_MOZ_EXT
2012-01-31 14:39 . 2012-01-29 15:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\program files\Secunia
2012-01-31 14:36 . 2012-01-31 14:36 -------- d-----w- c:\program files\FileHippo.com
2012-01-31 13:48 . 2012-01-31 13:48 -------- d--h--w- c:\windows\PIF
2012-01-31 13:00 . 2012-01-31 13:50 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-01-31 00:38 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-31 00:38 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-31 00:38 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-31 00:38 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-31 00:38 . 2012-01-29 13:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-31 00:38 . 2012-01-29 13:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-31 00:34 . 2012-01-31 00:34 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\program files\iPod
2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\programdata\Apple Computer
2012-01-24 01:58 . 2012-01-24 01:58 -------- d-----w- c:\users\User\AppData\Local\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\users\User\AppData\Roaming\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\programdata\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor
2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-01-24 01:42 . 2012-01-24 01:43 -------- d-----w- c:\program files\PC-Doctor for Windows
2012-01-24 01:42 . 2012-01-24 01:47 -------- d-----w- C:\hp
2012-01-24 01:39 . 2012-01-24 01:41 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
2012-01-24 01:39 . 2012-01-24 01:39 -------- d-----w- c:\windows\Hewlett-Packard
2012-01-24 00:16 . 2012-01-24 00:16 -------- d-----w- c:\users\User\AppData\Local\NVIDIA Corporation
2012-01-21 15:21 . 2012-01-21 15:21 -------- d-----w- c:\users\UpdatusUser
2012-01-21 15:18 . 2012-01-21 15:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-01-13 15:10 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-01-13 15:10 . 2010-12-24 15:27 892928 ----a-w- c:\windows\system32\iconv.dll
2012-01-13 15:10 . 2010-12-24 15:27 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-01-13 15:10 . 2011-01-15 14:08 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2012-01-13 15:10 . 2012-01-13 15:10 -------- d-----w- c:\program files\Aimersoft
2012-01-11 16:22 . 2012-01-11 16:22 -------- d-----w- c:\programdata\Audible
2012-01-11 16:15 . 2012-01-31 14:19 -------- d-----w- c:\users\User\AppData\Local\Audible
2012-01-11 16:10 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:10 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:09 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:09 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:09 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 09:36 . 2012-01-10 09:36 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2012-01-10 09:36 . 2003-03-18 21:20 1060864 ------w- c:\windows\system32\mfc71.dll
2012-01-10 09:36 . 2003-03-18 20:14 499712 ------w- c:\windows\system32\msvcp71.dll
2012-01-10 09:36 . 2001-08-17 22:43 24576 ------w- c:\windows\system32\msxml3a.dll
2012-01-10 09:35 . 2012-01-10 09:36 -------- d-----w- c:\program files\Audible
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:49 . 2011-05-14 20:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 14:47 . 2010-10-25 17:49 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 15:24 . 2010-10-25 11:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 13:37 . 2011-12-15 19:24 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:48 . 2002-01-01 00:10 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23 . 2002-01-01 00:10 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2002-01-01 00:10 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2002-01-01 00:10 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2002-01-01 00:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2002-01-01 00:10 9728 ----a-w- c:\windows\system32\lsass.exe
2011-11-08 14:42 . 2011-12-15 10:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 10:14 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 10:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 10:15 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 10:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-29 15:55 . 2012-01-31 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 12:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2008-09-10 77824]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-HHKAI.tmp\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-24 16:58 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-07-30 18:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 17:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-08-18 08:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-11-09 17:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PSI
*Deregistered* - ufldqkob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tzu18q8h.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 21:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2012-01-31 21:44:38
ComboFix-quarantined-files.txt 2012-01-31 21:44
.
Pre-Run: 377,172,545,536 bytes free
Post-Run: 377,217,114,112 bytes free
.
- - End Of File - - FCBC7037F481B422E1778B4D0B423885

Bobbye · Feb 2, 2012

I'm seeing what appears to be web sites installed as Program Files: Examples:
FileHippo.com
HP
-----------------------
Run the following and then tell me if the speed has improved:

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code:
File::
Folder::
c:\program files\FileHippo.com
c:\windows\PIF
c:\users\Default\AppData\Local\Microsoft Help
DDS::
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"=-
"FileHippo.com"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
Clearjavacache::
CreateRestorePoint::
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
===========================================
Please uninstall the following in Add/remove Programs:
HP> the program
FileHippo.com
All ASK entries: Ask.com plus Ask Toolbar>>
Usually no one intentionally installs the Ask.com/Ask Toolbar. But rather it is either pre-checked on a download screen and the user doesn't uncheck it, or it is bundled with unrelated downloads and installed without you permission or knowledge. Regardless, it should be uninstalled in Add/remove Programs and it's folder deleted in the Programs list:
Use Windows Explorer to access Computer> Local Drive- usually C> Programs> do a right click> Delete on the program folder.
==========================================
About the number of processes running in the Task Manager: 79> we need to get that down to closer to 40.

About Startup: Click on Start> Run> type in msconfig> enter> Startup tab> how many processes are checked?

You are loading an running an enormous number of needless processes. Anything that load on boot and runs in the background is using system resources. As you surf and begin gathering temporary internet files, they are using more of the resources. At some point, you will get slower to load, slower to surf and slower to shut down.

How do you control this? By only starting processes on boot that need to run- surprisingly few:
Antivirus
Firewall
Touchpad if using laptop
Network is using Cico or Pure Networks
Nothing else (I have 5 processes checked)
What you need and when you need it, you start from All Programs when you need it
===============================
Hewlett-Packard
On 1/24/2012, I see all of these listed:

c:\users\User\AppData\Local\Hewlett-Packard
c:\users\User\AppData\Roaming\Hewlett-Packard
c:\programdata\Hewlett-Packard
c:\program files\Hewlett-Packard
C:\hp
c:\users\User\AppData\Roaming\HpUpdate
c:\windows\Hewlett-Packard

Hewelett-Packard is a company, a web site, available for downloads and a computer manufacturer. It also has printer software and drivers.

These are the only HP processes I see installed: You don't need any of them running in the background.
1. HP Advisor >> is a program that is preinstalled on HP computers. When run, this program will scan your computer for problems and provide advice on how to fix them or optimize the computer. Can be launched as needed.
2. HP My Display>> when you did the download from HP, it had the 'HP My Display' utility for the supported HP monitor models.The HP My Display utilty is a monitor control and calibration program- did you need it? No. With PlugNPlay in Windows, you already have it.
3. HP Product Detection >> Utility gathers product data and displays support information for maintanence .
4. HP Update >> You don't need HP contacting the internet several times every day, looking for an update
-------------------------------------
Some other 'not needed' processes that are running:
1. RunProfiles> PC Doctor>
This application from the PC Doctor software functions as the Hardware Diagnostic Tools Profiler. It scans hardware devices to resolve and repair damaged files and registry processes. Not recommended. We don't advise anyone using a registry cleaner. The risks far exceeds the gain (if any). If you need any type of diagnostics, run a program when and if needed- without registry modifications.
2. DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab>> running in the background to Lists system requirements to run games. Use when and if needed.

flash4203 · Feb 2, 2012

ComboFix with custom script
ComboFix 12-02-02.02 - User 02/02/2012 18:55:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1474 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
c:\program files\FileHippo.com
c:\program files\FileHippo.com\UpdateChecker.exe.config
c:\users\Default\AppData\Local\Microsoft Help
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 19:23 . 2012-02-02 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 19:23 . 2012-02-02 19:23 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-01-31 14:48 . 2012-01-31 14:48 -------- d-----w- c:\program files\Common Files\Java
2012-01-31 14:47 . 2012-01-31 14:47 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files\Ask.com
2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- C:\FIND_MOZ_EXT
2012-01-31 14:39 . 2012-01-29 15:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\program files\Secunia
2012-01-31 13:48 . 2012-01-31 13:48 -------- d--h--w- c:\windows\PIF
2012-01-31 13:00 . 2012-01-31 13:50 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-01-31 00:38 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-31 00:38 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-31 00:38 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-31 00:38 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-31 00:38 . 2012-01-29 13:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-31 00:38 . 2012-01-29 13:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-31 00:34 . 2012-01-31 00:34 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\program files\iPod
2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\programdata\Apple Computer
2012-01-24 01:58 . 2012-01-24 01:58 -------- d-----w- c:\users\User\AppData\Local\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\users\User\AppData\Roaming\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\programdata\Hewlett-Packard
2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor
2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-01-24 01:42 . 2012-01-24 01:43 -------- d-----w- c:\program files\PC-Doctor for Windows
2012-01-24 01:42 . 2012-01-24 01:47 -------- d-----w- C:\hp
2012-01-24 01:39 . 2012-01-24 01:41 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
2012-01-24 01:39 . 2012-01-24 01:39 -------- d-----w- c:\windows\Hewlett-Packard
2012-01-24 00:16 . 2012-01-24 00:16 -------- d-----w- c:\users\User\AppData\Local\NVIDIA Corporation
2012-01-21 15:21 . 2012-01-21 15:21 -------- d-----w- c:\users\UpdatusUser
2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-01-13 15:10 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-01-13 15:10 . 2010-12-24 15:27 892928 ----a-w- c:\windows\system32\iconv.dll
2012-01-13 15:10 . 2010-12-24 15:27 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-01-13 15:10 . 2011-01-15 14:08 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2012-01-13 15:10 . 2012-01-13 15:10 -------- d-----w- c:\program files\Aimersoft
2012-01-11 16:22 . 2012-01-11 16:22 -------- d-----w- c:\programdata\Audible
2012-01-11 16:15 . 2012-01-31 14:19 -------- d-----w- c:\users\User\AppData\Local\Audible
2012-01-11 16:10 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:10 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:09 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:09 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:09 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 09:36 . 2012-01-10 09:36 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2012-01-10 09:36 . 2003-03-18 21:20 1060864 ------w- c:\windows\system32\mfc71.dll
2012-01-10 09:36 . 2003-03-18 20:14 499712 ------w- c:\windows\system32\msvcp71.dll
2012-01-10 09:36 . 2001-08-17 22:43 24576 ------w- c:\windows\system32\msxml3a.dll
2012-01-10 09:35 . 2012-01-10 09:36 -------- d-----w- c:\program files\Audible
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:49 . 2011-05-14 20:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 14:47 . 2010-10-25 17:49 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 15:24 . 2010-10-25 11:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 13:37 . 2011-12-15 19:24 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:48 . 2002-01-01 00:10 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23 . 2002-01-01 00:10 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2002-01-01 00:10 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2002-01-01 00:10 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2002-01-01 00:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2002-01-01 00:10 9728 ----a-w- c:\windows\system32\lsass.exe
2011-11-08 14:42 . 2011-12-15 10:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-29 15:55 . 2012-01-31 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_21.26.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-25 11:07 . 2012-02-02 16:28 59588 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-10-25 11:07 . 2012-01-31 13:55 59588 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-02-02 16:28 79032 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-25 11:07 . 2012-02-02 16:28 12324 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1957138177-2925787731-1041521244-1000_UserData.bin
- 2006-11-02 13:02 . 2012-01-31 16:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2012-02-02 16:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2012-02-02 16:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2012-01-31 16:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2012-01-31 16:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2012-02-02 16:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-02 17:08 . 2012-02-02 17:08 22016 c:\windows\Installer\28ba50.msi
+ 2012-02-02 16:33 . 2012-02-02 16:33 75048 c:\windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
+ 2012-02-02 16:25 . 2012-02-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-31 13:51 . 2012-01-31 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-02 16:25 . 2012-02-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-31 13:51 . 2012-01-31 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-02-02 16:31 655468 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-01-31 13:58 655468 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-01-31 13:58 125790 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2012-02-02 16:31 125790 c:\windows\System32\perfc009.dat
+ 2012-02-02 16:24 . 2012-02-02 16:25 371864 c:\windows\System32\FNTCACHE.DAT
+ 2010-10-22 15:14 . 2012-02-02 16:25 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-10-22 15:14 . 2012-01-31 14:37 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-10-24 17:44 . 2012-01-31 13:44 985760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-24 17:44 . 2012-01-31 23:59 985760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-25 22:33 . 2012-01-31 23:59 370080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-25 22:33 . 2012-01-31 13:44 370080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-02 16:33 . 2012-02-02 16:33 606720 c:\windows\Installer\68145.msi
+ 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
+ 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe
+ 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ARPPRODUCTICON.exe
+ 2012-02-02 16:31 . 2012-02-02 16:31 300328 c:\windows\Installer\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}\ARPPRODUCTICON.exe
+ 2012-02-02 16:32 . 2012-02-02 16:32 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
+ 2012-02-02 16:32 . 2012-02-02 16:32 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe
- 2006-11-02 10:22 . 2012-01-31 14:44 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2012-02-01 00:00 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-05-04 13:27 . 2012-01-31 23:59 2108564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-8192.dat
+ 2011-05-04 13:27 . 2012-01-31 23:59 9076316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-4096.dat
+ 2011-06-18 17:00 . 2012-01-31 23:59 1610612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-12288.dat
+ 2012-02-02 16:33 . 2012-02-02 16:33 1613312 c:\windows\Installer\6813f.msi
+ 2012-02-02 16:33 . 2012-02-02 16:33 2882048 c:\windows\Installer\68138.msi
+ 2012-02-02 16:32 . 2012-02-02 16:32 8826368 c:\windows\Installer\68131.msi
+ 2012-02-02 16:32 . 2012-02-02 16:32 2030080 c:\windows\Installer\6812a.msi
+ 2012-02-02 16:31 . 2012-02-02 16:31 11245568 c:\windows\Installer\68124.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 12:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-HHKAI.tmp\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-07-30 18:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 17:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 12:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-08-18 08:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-11-09 17:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tzu18q8h.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-GoToAssist - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 19:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x458B0824
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2012-02-02 19:32:00
ComboFix-quarantined-files.txt 2012-02-02 19:31
ComboFix2.txt 2012-01-31 21:44
.
Pre-Run: 378,630,496,256 bytes free
Post-Run: 378,606,166,016 bytes free
.
- - End Of File - - 6AC1B42247A0B36F8B0036BCDBB84ED5

flash4203 · Feb 2, 2012

MSconfig

start up TAB

16 unchecked
7 checked

services TAB
Microsoft processed hidden

Everything unchecked apart from
Secunia
Malware bytes
Norton 360

Running processes now 59

Bobbye · Feb 2, 2012

Better to do the Services like this:

Boot into Safe Mode

Restart your computer and start pressing the F8 key on your keyboard.

Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Run> type in services.msc> Enter> You need to be very careful stopping Services. Some have dependencies they need running to run, and other Services may depend on this Service to run. I use Safe Mode to make any Service changes because you can handle the Dependencies in this mode.

But before making changes, I'd like you to compare with Black Viper's recommendations:
http://www.blackviper.com/2009/05/3...-vista-service-pack-2-service-configurations/
Everything you need to know about Services is there. Scroll down to the chart. You can get description of the Service and learn the dependencies.

Have you noticed any improvement in the system yet?

flash4203 · Feb 3, 2012

Yeah the computer does seem to be quicker when it goes into peoples profiles, it does hang a little between the welcome screen with the user windows, and the desktop.

Bobbye · Feb 6, 2012

does hang a little between the welcome screen with the user windows, and the desktop.

This is the personal data loading. The more you have, the longer it will take. And if it starts on boot and runs in the background, it will also delay the shutdown. Even if you have enough RAM on board, this loading or shutting down will take time.

Did you-or do you know if they do the maintenance I suggested. This system has Install Date: 02/01/2002. That's 10 years ago. A system in use this long would have to be treated tenderly. Regular maintenance is a must! There are no System Restore point showing. Either they don't know the value of having restore points handy or they like to live dangerously!

I think the best thing I can do for you here is have you run HijackThis. After I review the log, I can tell you which processes don't need to be running. You can then check them to have HJT stop them and if appropriate, uncheck them on the Startup Menu and/or put a Service on Manual if the program has a Service.
=======================================
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis and save to your desktop.

Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'

Extract it to the directory on your hard drive you created C:\HijackThis.

Then navigate to that directory and double-click on the hijackthis.exe file.

When started click on the Scan button and then the Save Log button to create a log of your information.

The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Bobbye · Feb 12, 2012

I'm ready to close the thread. Reply if you still have problems.

TechSpot

[Inactive] Windows Vista SP2 possible malware?

flash4203 Newcomer, in training

flash4203 Newcomer, in training

flash4203 Newcomer, in training

flash4203 Newcomer, in training

flash4203 Newcomer, in training

Bobbye Helper on the Fringe

flash4203 Newcomer, in training

Bobbye Helper on the Fringe

flash4203 Newcomer, in training

flash4203 Newcomer, in training

Bobbye Helper on the Fringe

flash4203 Newcomer, in training

flash4203 Newcomer, in training

Bobbye Helper on the Fringe

flash4203 Newcomer, in training

Bobbye Helper on the Fringe

Bobbye Helper on the Fringe