Computer is suddenly slloooow

crystaleboo · July 2009

I recently switched from Norton 360 to Avira(free home edition). It seems that is when the problem started. I currently have Norton turned off but have not removed it from my programs in case I do not like Avira. I do not know if I somehow got a virus during this switch or what could be going on??? Please, please, please have a look at my logfile and help me fix my computer...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:02 PM, on 7/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: LastPass - [URL]file://C:\Program[/URL] Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - [URL]file://C:\Program[/URL] Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9ab39ecad5d83) (gupdate1c9ab39ecad5d83) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9613 bytes

chiaz · July 2009

Hello.

Please download Malwarebytes' Anti-Malware by clicking the link below:
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

crystaleboo · July 2009

ok here it is... already i have noticed an improvement

Malwarebytes' Anti-Malware 1.39
Database version: 2442
Windows 6.0.6002 Service Pack 2
7/16/2009 1:42:29 PM
mbam-log-2009-07-16 (13-42-29).txt
Scan type: Quick Scan
Objects scanned: 83837
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

ComboFix 09-07-14.08 - Crystale 07/18/2009 14:25.2.2 - NTFSx86
MicrosoftÂ® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1850 [GMT -4:00]
Running from: c:\users\Crystale\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\Install.inf
c:\windows\Installer\14e62d8.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 15:03 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVENG.SYS
2009-07-18 15:03 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVEX15.SYS
2009-07-18 15:03 . 2009-06-24 06:06 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVENG32.DLL
2009-07-18 15:03 . 2009-06-24 06:06 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVEX32A.DLL
2009-07-18 15:03 . 2009-06-24 06:06 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\EECTRL.SYS
2009-07-18 15:03 . 2009-06-24 06:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\ECMSVR32.DLL
2009-07-18 15:03 . 2009-06-24 06:06 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\CCERASER.DLL
2009-07-18 15:03 . 2009-06-24 06:06 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\ERASER.SYS
2009-07-17 17:39 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 17:39 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 17:39 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 17:39 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 17:39 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 17:35 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 17:35 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 17:35 . 2009-07-16 17:35

d

w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 05:39 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:39 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 05:39 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:39 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 05:39 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 01:19 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 01:19 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 01:19 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 01:19 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 01:19 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-14 21:48 . 2009-07-14 21:48

d

w- c:\users\Crystale\AppData\Roaming\Avira
2009-07-14 20:40 . 2009-07-14 20:40

d

w- c:\program files\LastPass
2009-07-14 20:20 . 2009-07-14 20:11 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-14 20:20 . 2009-07-14 20:11 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-14 20:20 . 2009-07-14 20:20

d

w- c:\programdata\Avira
2009-07-14 20:20 . 2009-07-14 20:20

d

w- c:\program files\Avira
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-07 16:28 . 2009-07-07 16:28 488960 ----a-w- c:\users\Crystale\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 16:28 . 2009-07-07 16:28 319488 ----a-w- c:\users\Crystale\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-07-07 14:26 . 2009-07-15 05:59

d

w- c:\users\Crystale\AppData\Roaming\IMVU
2009-07-07 14:25 . 2009-07-07 14:25 80967 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\Uninstall.exe
2009-07-07 14:25 . 2009-07-07 14:25

d

w- c:\users\Crystale\AppData\Roaming\IMVUClient
2009-07-04 01:56 . 2009-07-05 16:11

d

w- c:\programdata\CA
2009-07-04 01:56 . 2009-07-05 16:10

d

w- c:\program files\CA
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\audiere.dll
2009-06-28 19:25 . 2009-06-28 19:25 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\regxpcom.exe
2009-06-24 19:10 . 2009-06-24 19:10

d

w- c:\program files\Common Files\Windows Live
2009-06-24 09:48 . 2009-06-24 09:49

d

w- c:\users\TEMP
2009-06-19 19:54 . 2009-05-06 00:33 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 19:54 . 2009-05-06 00:33 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:54 . 2009-05-06 00:33 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:54 . 2009-05-06 00:33 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:54 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 20:54 . 2009-01-13 03:43

d

w- c:\programdata\Google Updater
2009-07-16 17:46 . 2009-06-05 22:55 117760 ----a-w- c:\users\Crystale\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-15 07:02 . 2006-11-02 11:18

d

w- c:\program files\Windows Mail
2009-07-04 18:06 . 2008-06-18 05:08

d

w- c:\program files\Google
2009-06-24 14:18 . 2009-06-05 22:54

d

w- c:\program files\SUPERAntiSpyware
2009-06-13 13:44 . 2009-06-13 13:44 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB371.tmp.exe
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 07:03 . 2008-06-18 05:11

d

w- c:\program files\Microsoft Works
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pywintypes25.dll
2009-06-06 19:57 . 2009-06-06 19:56

d

w- c:\program files\QuickTime
2009-06-06 19:56 . 2009-06-06 19:56

d

w- c:\programdata\Apple Computer
2009-06-06 19:53 . 2009-06-06 19:53

d

w- c:\program files\Apple Software Update
2009-06-06 19:53 . 2009-06-06 19:53

d

w- c:\programdata\Apple
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Calendar
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Sidebar
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Photo Gallery
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Journal
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Defender
2009-06-06 17:31 . 2006-11-02 12:37

d

w- c:\program files\Windows Collaboration
2009-06-06 17:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-06 17:29 . 2009-06-06 17:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-06 15:47 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-06 15:02 . 2009-06-06 15:02

d

w- c:\users\Crystale\AppData\Roaming\Roxio
2009-06-06 15:02 . 2009-06-06 15:02

d

w- c:\programdata\Roxio
2009-06-05 22:54 . 2009-06-05 22:54

d

w- c:\programdata\SUPERAntiSpyware.com
2009-06-05 22:54 . 2009-06-05 22:54

d

w- c:\users\Crystale\AppData\Roaming\SUPERAntiSpyware.com
2009-06-05 22:53 . 2009-06-05 22:53

d

w- c:\program files\Common Files\Wise Installation Wizard
2009-06-03 00:39 . 2009-05-31 23:52

d

w- c:\program files\Spybot - Search & Destroy
2009-06-03 00:02 . 2009-05-31 23:52

d

w- c:\programdata\Spybot - Search & Destroy
2009-06-01 12:37 . 2009-06-01 12:37

d

w- c:\users\Crystale\AppData\Roaming\Malwarebytes
2009-06-01 12:37 . 2009-06-01 12:37

d

w- c:\programdata\Malwarebytes
2009-05-31 03:45 . 2009-05-28 19:40

d

w- c:\programdata\NCH Swift Sound
2009-05-31 03:45 . 2009-05-28 19:40

d

w- c:\users\Crystale\AppData\Roaming\NCH Swift Sound
2009-05-31 03:45 . 2009-05-28 19:39

d

w- c:\program files\NCH Swift Sound
2009-05-29 06:40 . 2009-05-29 06:40

d

w- c:\program files\Trend Micro
2009-05-29 06:23 . 2009-05-06 00:33

d

w- c:\program files\Symantec
2009-05-29 06:18 . 2009-05-29 06:18

d

r- c:\program files\Norton Support
2009-05-28 20:35 . 2009-05-28 20:16

d

w- c:\program files\AVS4YOU
2009-05-28 20:35 . 2009-05-28 20:16

d

w- c:\program files\Common Files\AVSMedia
2009-05-28 20:16 . 2009-05-28 20:16

d

w- c:\programdata\AVS4YOU
2009-05-28 20:16 . 2009-05-28 20:16

d

w- c:\users\Crystale\AppData\Roaming\AVS4YOU
2009-05-28 19:40 . 2009-05-28 19:40

d

w- c:\program files\NCH Software
2009-05-16 14:04 . 2009-05-16 14:04 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-09 05:50 . 2009-06-10 02:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 02:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 00:33 . 2009-05-06 00:33 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 00:33 . 2009-05-06 00:34 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-05-06 00:33 . 2009-06-12 19:42 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-05-06 00:33 . 2009-06-12 19:42 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-05-06 00:33 . 2009-06-12 19:42 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-05-06 00:33 . 2009-05-06 00:33 1290592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-06 00:33 . 2009-05-06 00:33 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-06 00:33 . 2009-06-12 19:42 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-05-06 00:33 . 2009-05-06 00:33 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-05-06 00:18 . 2009-05-06 00:13 74949864 ----a-w- c:\programdata\Symantec Temporary Files\N360S300EN.exe
2009-04-23 12:15 . 2009-06-10 02:52 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 02:52 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-10 02:52 2034688 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-06 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-07-14 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-18 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-18 05:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e9,e7,2f,6e,cd,e6,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{78A11F00-7157-4D15-88F9-592545368EAE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{41F6E6D1-04AD-4E27-8822-B2C0CBE06DEB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C7C3CA04-C547-40A7-BF75-A95A5CF0A3BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EF36D293-6D92-44CF-9D08-9CE44ED658C2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B1B0911-E4BC-4F50-AB41-E5022C58886A}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{CAE8090C-DBFD-4A39-B6AE-CB8AD4F82327}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [5/5/2009 8:33 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [5/5/2009 8:33 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [5/5/2009 8:33 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys [7/17/2009 1:39 PM 293424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/14/2009 4:20 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2009 4:20 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/14/2009 4:20 PM 434945]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/5/2009 8:33 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/5/2009 8:51 PM 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [5/5/2009 8:33 PM 39984]
S2 gupdate1c9ab39ecad5d83;Google Update Service (gupdate1c9ab39ecad5d83);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2009 6:02 PM 133104]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/18/2008 1:09 AM 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 21:54]
2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 22:02]
2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 22:02]
2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{63033B7C-4C80-48D6-93B5-7651C8DB091A}.job
- c:\windows\system32\msfeedssync.exe [2009-05-06 11:31]
.
.

Supplementary Scan

.
uStart Page = hxxp://www.google.com/ig
IE: LastPass - [URL]file://c:\program[/URL] files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - [URL]file://c:\program[/URL] files\LastPass\context.html?cmd=fillforms
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 14:29
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.

LOCKED REGISTRY KEYS

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-18 14:31
ComboFix-quarantined-files.txt 2009-07-18 18:31
ComboFix2.txt 2009-06-03 00:09
Pre-Run: 237,329,948,672 bytes free
Post-Run: 237,254,311,936 bytes free
292 --- E O F --- 2009-07-15 07:02

chiaz · July 2009

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

c:\windows\system32\lpk.dll

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see later.

If Jotti is busy, please go to http://www.virustotal.com.

===================================================================

Next please go on HERE to run Panda ActiveScan 2.0

Click the big green Scan now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
Once the scan is completed, please hit the notepad icon next to the text Export to:
Save it to a convenient location such as your Desktop
Post the contents of the ActiveScan.txt in your next reply, along with the Jotti/VirusTotal results.

crystaleboo · July 2009

Scan finished. 0 out of 21 scanners reported malware.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-19 06:39:06
PROTECTIONS: 2
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.1505.0 No Yes
SUPERAntiSpyware 4, 26, 0, 1006 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\users\crystale\favorites\shop
00055151 V6000 Virus No 0 No No C:\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5
00055151 V6000 Virus No 0 No No D:\CRYSTALE-PC\Backup Set 2009-05-05 213023\Backup Files 2009-05-17 030000\Backup files 1.zip[C\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@mediaplex[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@www.burstbeacon[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@server.iad.liveperson[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\crystale@go[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location ï¿½ï¿½ï¿½ï¿½ï¿½: ï¿½9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ï¿½ï¿½ï¿½ï¿½ï¿½: ï¿½9
;===================================================================================================================================================================================
;===================================================================================================================================================================================

crystaleboo · July 2009

Just an FYI I had to restore my system recently due to a bad thunderstorm, so I'm assuming my computer was REinfected?

chiaz · July 2009

crystaleboo wrote:

Just an FYI I had to restore my system recently due to a bad thunderstorm, so I'm assuming my computer was REinfected?

When was this?

crystaleboo · July 2009

A little more than a week ago. i see that one of the infected files is part of my backup so its a guess thats what happened... One of the files is from second life which I have removed that program more than a month ago.

chiaz · July 2009

It's OK if you had restored your system for more than a week now, after all we only started disinfection here about 5 days ago. Our work was not wasted.

One of the files is from second life which I have removed that program more than a month ago.

Since you intended to remove Second Life, you may want to uninstall the program altogether.

==================================================================

Please navigate to and delete the following:
c:\users\crystale\favorites\shop
C:\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5
00055151
D:\CRYSTALE-PC\Backup Set 2009-05-05 213023\Backup Files 2009-05-17 030000\Backup files 1.zip

Restart your computer once.

How's your PC running now?

crystaleboo · July 2009

Much improved!

chiaz · July 2009

I think our work is done here - your PC should be clean now.

It's time to remove ComboFix.

Go to to Start > Run
Type in box

combofix /u

Note: the space between the X and the /u

Press Enter.

This command will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Would be great if you can reply once to this thread after you have read it so that I can have this thread archived.

crystaleboo · July 2009

Thank you for your help

chiaz · July 2009

Glad we could be of assistance! This topic is now closed.

If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead

Computer is suddenly slloooow

Comments