Computer is suddenly slloooow

crystaleboo Florida
edited July 2009 in Spyware & Virus Removal
I recently switched from Norton 360 to Avira (free home edition). It seems that is when the problem started. I currently have Norton turned off but have not removed it from my programs in case I do not like Avira. I do not know if I somehow got a virus during this switch or what could be going on??? Please, please, please have a look at my logfile and help me fix my computer...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:02 PM, on 7/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9ab39ecad5d83) (gupdate1c9ab39ecad5d83) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9613 bytes

Comments

  • edited July 2009
    Hello. :)

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • crystaleboo Florida
    edited July 2009
    OK, here it is... already I have noticed an improvement :)

    Malwarebytes' Anti-Malware 1.39
    Database version: 2442
    Windows 6.0.6002 Service Pack 2
    7/16/2009 1:42:29 PM
    mbam-log-2009-07-16 (13-42-29).txt
    Scan type: Quick Scan
    Objects scanned: 83837
    Time elapsed: 3 minute(s), 59 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)









    ComboFix 09-07-14.08 - Crystale 07/18/2009 14:25.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1850 [GMT -4:00]
    Running from: c:\users\Crystale\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\Installer\14e62d8.msi
    .
    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .
    2009-07-18 15:03 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVENG.SYS
    2009-07-18 15:03 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVEX15.SYS
    2009-07-18 15:03 . 2009-06-24 06:06 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVENG32.DLL
    2009-07-18 15:03 . 2009-06-24 06:06 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\NAVEX32A.DLL
    2009-07-18 15:03 . 2009-06-24 06:06 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\EECTRL.SYS
    2009-07-18 15:03 . 2009-06-24 06:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\ECMSVR32.DLL
    2009-07-18 15:03 . 2009-06-24 06:06 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\CCERASER.DLL
    2009-07-18 15:03 . 2009-06-24 06:06 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.003\ERASER.SYS
    2009-07-17 17:39 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
    2009-07-17 17:39 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
    2009-07-17 17:39 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
    2009-07-17 17:39 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
    2009-07-17 17:39 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
    2009-07-16 17:35 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-16 17:35 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-16 17:35 . 2009-07-16 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-15 05:39 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 05:39 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 05:39 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 05:39 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-15 05:39 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 01:19 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
    2009-07-15 01:19 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
    2009-07-15 01:19 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
    2009-07-15 01:19 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
    2009-07-15 01:19 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
    2009-07-14 21:48 . 2009-07-14 21:48 -------- d-----w- c:\users\Crystale\AppData\Roaming\Avira
    2009-07-14 20:40 . 2009-07-14 20:40 -------- d-----w- c:\program files\LastPass
    2009-07-14 20:20 . 2009-07-14 20:11 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-14 20:20 . 2009-07-14 20:11 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\programdata\Avira
    2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\program files\Avira
    2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
    2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
    2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
    2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
    2009-07-07 16:28 . 2009-07-07 16:28 488960 ----a-w- c:\users\Crystale\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
    2009-07-07 16:28 . 2009-07-07 16:28 319488 ----a-w- c:\users\Crystale\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    2009-07-07 14:26 . 2009-07-15 05:59 -------- d-----w- c:\users\Crystale\AppData\Roaming\IMVU
    2009-07-07 14:25 . 2009-07-07 14:25 80967 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\Uninstall.exe
    2009-07-07 14:25 . 2009-07-07 14:25 -------- d-----w- c:\users\Crystale\AppData\Roaming\IMVUClient
    2009-07-04 01:56 . 2009-07-05 16:11 -------- d-----w- c:\programdata\CA
    2009-07-04 01:56 . 2009-07-05 16:10 -------- d-----w- c:\program files\CA
    2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\IMVUupdater.exe
    2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\IMVUClient.exe
    2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\imvuqualityagent.exe
    2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\SceneWindow.dll
    2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\MemoryHook.dll
    2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\cal3d.dll
    2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\CallStack.dll
    2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\boost_python.dll
    2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\audiere.dll
    2009-06-28 19:25 . 2009-06-28 19:25 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpcshell.exe
    2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\crashreporter.exe
    2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xulrunner-stub.exe
    2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xulrunner.exe
    2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\mangle.exe
    2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\shlibsign.exe
    2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpidl.exe
    2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\updater.exe
    2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpt_dump.exe
    2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\xpt_link.exe
    2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\ssltunnel.exe
    2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\GeckoBin\regxpcom.exe
    2009-06-24 19:10 . 2009-06-24 19:10 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-06-24 09:48 . 2009-06-24 09:49 -------- d-----w- c:\users\TEMP
    2009-06-19 19:54 . 2009-05-06 00:33 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
    2009-06-19 19:54 . 2009-05-06 00:33 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
    2009-06-19 19:54 . 2009-05-06 00:33 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
    2009-06-19 19:54 . 2009-05-06 00:33 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
    2009-06-19 19:54 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-17 20:54 . 2009-01-13 03:43 -------- d-----w- c:\programdata\Google Updater
    2009-07-16 17:46 . 2009-06-05 22:55 117760 ----a-w- c:\users\Crystale\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-07-15 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-04 18:06 . 2008-06-18 05:08 -------- d-----w- c:\program files\Google
    2009-06-24 14:18 . 2009-06-05 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-13 13:44 . 2009-06-13 13:44 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB371.tmp.exe
    2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\ui\plugins\npswf32.dll
    2009-06-10 07:03 . 2008-06-18 05:11 -------- d-----w- c:\program files\Microsoft Works
    2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pixomatic.dll
    2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\w9xpopen.exe
    2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\MSVCR71.dll
    2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pythoncom25.dll
    2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\python25.dll
    2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\users\Crystale\AppData\Roaming\IMVUClient\pywintypes25.dll
    2009-06-06 19:57 . 2009-06-06 19:56 -------- d-----w- c:\program files\QuickTime
    2009-06-06 19:56 . 2009-06-06 19:56 -------- d-----w- c:\programdata\Apple Computer
    2009-06-06 19:53 . 2009-06-06 19:53 -------- d-----w- c:\program files\Apple Software Update
    2009-06-06 19:53 . 2009-06-06 19:53 -------- d-----w- c:\programdata\Apple
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-06-06 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-06-06 17:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-06-06 17:29 . 2009-06-06 17:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-06-06 15:47 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
    2009-06-06 15:02 . 2009-06-06 15:02 -------- d-----w- c:\users\Crystale\AppData\Roaming\Roxio
    2009-06-06 15:02 . 2009-06-06 15:02 -------- d-----w- c:\programdata\Roxio
    2009-06-05 22:54 . 2009-06-05 22:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-06-05 22:54 . 2009-06-05 22:54 -------- d-----w- c:\users\Crystale\AppData\Roaming\SUPERAntiSpyware.com
    2009-06-05 22:53 . 2009-06-05 22:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-03 00:39 . 2009-05-31 23:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-03 00:02 . 2009-05-31 23:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-06-01 12:37 . 2009-06-01 12:37 -------- d-----w- c:\users\Crystale\AppData\Roaming\Malwarebytes
    2009-06-01 12:37 . 2009-06-01 12:37 -------- d-----w- c:\programdata\Malwarebytes
    2009-05-31 03:45 . 2009-05-28 19:40 -------- d-----w- c:\programdata\NCH Swift Sound
    2009-05-31 03:45 . 2009-05-28 19:40 -------- d-----w- c:\users\Crystale\AppData\Roaming\NCH Swift Sound
    2009-05-31 03:45 . 2009-05-28 19:39 -------- d-----w- c:\program files\NCH Swift Sound
    2009-05-29 06:40 . 2009-05-29 06:40 -------- d-----w- c:\program files\Trend Micro
    2009-05-29 06:23 . 2009-05-06 00:33 -------- d-----w- c:\program files\Symantec
    2009-05-29 06:18 . 2009-05-29 06:18 -------- d-----r- c:\program files\Norton Support
    2009-05-28 20:35 . 2009-05-28 20:16 -------- d-----w- c:\program files\AVS4YOU
    2009-05-28 20:35 . 2009-05-28 20:16 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-05-28 20:16 . 2009-05-28 20:16 -------- d-----w- c:\programdata\AVS4YOU
    2009-05-28 20:16 . 2009-05-28 20:16 -------- d-----w- c:\users\Crystale\AppData\Roaming\AVS4YOU
    2009-05-28 19:40 . 2009-05-28 19:40 -------- d-----w- c:\program files\NCH Software
    2009-05-16 14:04 . 2009-05-16 14:04 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2009-05-09 05:50 . 2009-06-10 02:52 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-10 02:52 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-05-06 00:33 . 2009-05-06 00:33 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-05-06 00:33 . 2009-05-06 00:34 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2009-05-06 00:33 . 2009-06-12 19:42 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
    2009-05-06 00:33 . 2009-06-12 19:42 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
    2009-05-06 00:33 . 2009-06-12 19:42 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
    2009-05-06 00:33 . 2009-05-06 00:33 1290592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-05-06 00:33 . 2009-05-06 00:33 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-05-06 00:33 . 2009-06-12 19:42 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
    2009-05-06 00:33 . 2009-05-06 00:33 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-05-06 00:18 . 2009-05-06 00:13 74949864 ----a-w- c:\programdata\Symantec Temporary Files\N360S300EN.exe
    2009-04-23 12:15 . 2009-06-10 02:52 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:14 . 2009-06-10 02:52 623616 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:39 . 2009-06-10 02:52 2034688 ----a-w- c:\windows\system32\win32k.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-06 30192]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-07-14 209153]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-18 50688]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-06-18 05:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e9,e7,2f,6e,cd,e6,c9,01
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{78A11F00-7157-4D15-88F9-592545368EAE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{41F6E6D1-04AD-4E27-8822-B2C0CBE06DEB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C7C3CA04-C547-40A7-BF75-A95A5CF0A3BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{EF36D293-6D92-44CF-9D08-9CE44ED658C2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{2B1B0911-E4BC-4F50-AB41-E5022C58886A}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{CAE8090C-DBFD-4A39-B6AE-CB8AD4F82327}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [5/5/2009 8:33 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [5/5/2009 8:33 PM 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [5/5/2009 8:33 PM 482352]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys [7/17/2009 1:39 PM 293424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/14/2009 4:20 PM 194817]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2009 4:20 PM 108289]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/14/2009 4:20 PM 434945]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/5/2009 8:33 PM 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/5/2009 8:51 PM 101936]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [5/5/2009 8:33 PM 39984]
    S2 gupdate1c9ab39ecad5d83;Google Update Service (gupdate1c9ab39ecad5d83);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2009 6:02 PM 133104]
    S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/18/2008 1:09 AM 30192]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder
    2009-07-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 21:54]
    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 22:02]
    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 22:02]
    2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{63033B7C-4C80-48D6-93B5-7651C8DB091A}.job
    - c:\windows\system32\msfeedssync.exe [2009-05-06 11:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/ig
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-18 14:29
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-07-18 14:31
    ComboFix-quarantined-files.txt 2009-07-18 18:31
    ComboFix2.txt 2009-06-03 00:09
    Pre-Run: 237,329,948,672 bytes free
    Post-Run: 237,254,311,936 bytes free
    292 --- E O F --- 2009-07-15 07:02
  • edited July 2009
    Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

    c:\windows\system32\lpk.dll

    Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see later.

    If Jotti is busy, please go to http://www.virustotal.com.

    ===================================================================

    Next please go on HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply, along with the Jotti/VirusTotal results.
  • crystaleboocrystaleboo Florida
    edited July 2009
    Scan finished. 0 out of 21 scanners reported malware.


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-07-19 06:39:06
    PROTECTIONS: 2
    MALWARE: 25
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.1505.0 No Yes
    SUPERAntiSpyware 4, 26, 0, 1006 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00039204 adware/cws Adware No 0 Yes No c:\users\crystale\favorites\shop
    00055151 V6000 Virus No 0 No No C:\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5
    00055151 V6000 Virus No 0 No No D:\CRYSTALE-PC\Backup Set 2009-05-05 213023\Backup Files 2009-05-17 030000\Backup files 1.zip[C\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@trafficmp[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@atdmt[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@mediaplex[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@ad.yieldmanager[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@apmebf[1].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@burstnet[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@www.burstbeacon[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@server.iad.liveperson[3].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@advertising[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@ads.pointroll[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@realmedia[2].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@questionmarket[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@zedo[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@bluestreak[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@adrevolver[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\Low\crystale@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Crystale\AppData\Roaming\Microsoft\Windows\Cookies\crystale@go[1].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • crystaleboocrystaleboo Florida
    edited July 2009
    Just an FYI I had to restore my system recently due to a bad thunderstorm, so I'm assuming my computer was REinfected?
  • edited July 2009
    Just an FYI I had to restore my system recently due to a bad thunderstorm, so I'm assuming my computer was REinfected?
    When was this?
  • crystaleboocrystaleboo Florida
    edited July 2009
    A little more than a week ago. I see that one of the infected files is part of my backup so it's a guess that's what happened... One of the files is from Second Life which I have removed that program more than a month ago.
  • edited July 2009
    It's OK if you had restored your system for more than a week now, after all we only started disinfection here about 5 days ago. Our work was not wasted. :)

    One of the files is from Second Life which I have removed that program more than a month ago.
    Since you intended to remove Second Life, you may want to uninstall the program altogether.

    ==================================================================

    Please navigate to and delete the following:
    c:\users\crystale\favorites\shop
    C:\Users\Crystale\AppData\Roaming\SecondLife\cache\textures\a\a3336aba-0866-762b-d2d0-ed625ebae0d5
    00055151

    D:\CRYSTALE-PC\Backup Set 2009-05-05 213023\Backup Files 2009-05-17 030000\Backup files 1.zip


    Restart your computer once.


    How's your PC running now?
  • crystaleboocrystaleboo Florida
    edited July 2009
    Much improved!
  • edited July 2009
    I think our work is done here - your PC should be clean now.

    It's time to remove ComboFix.

    Go to Start > Run
    Type in box

    combofix /u

    Note: the space between the X and the /u

    Press Enter.

    This command will:

    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:\_OtMoveIt folder, if present

    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.



    Would be great if you can reply once to this thread after you have read it so that I can have this thread archived. :)
  • crystaleboocrystaleboo Florida
    edited July 2009
    Thank you for your help :)
  • edited July 2009
    Glad we could be of assistance! This topic is now closed.

    If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)