Computer is running slow

Post by Dreemerz » May 30th, 2008, 4:44 pm

Hi! I recently got help from this website and found the replies to be very helpful and quick. So I'm here again in hopes that I can make this computer run more smoothly.

I'm on another computer right now and noticed that it's pretty slow. Things usually take a while to open and it only seems fast when it's running one thing at a time. The task manager cpu usage tends to jump around from 0% to 25%. But it mostly only spikes up to 10% or so at times.

The person who normally used this computer isn't the best with them. They don't really run updates, never turn it off, not really careful on the internet etc. So I'd imagine it's infected by quite a bit and that's what is slowing it down. I'm worried that there is just a bunch of malware, virus, trojans, keyloggers and all that possibly on it. They also have a habit of just installing a bunch of random things and never getting rid of it.

I've already placed Spybot Search & Destroy, Avast! Anti Virus, Ad Aware SE, and ZoneAlarm Firewall onto it for protection. I've also gone ahead and uninstalled a few obvious things that are risky to the computer. They had Kazaa, Napster and Limewire on it. I have already removed those through the Add/Remove programs.

The computer also gives two DLL errors when it starts up. Those are listed below.

RunDLL

Error loading C:\WINDOWS\system32\dcdinqyw.dll

The specified module could not be found.

Error loading C:\WINDOWS\system32\spoxyhnp.dll

The specified module could not be found.

Here is a HiJack This Log. I've also gotten permission to clean out this computer the best I can. The person who will use this once I get my own fixed (Motherboard is broken :( ) wants it to run fast again. The computer itself isn't too great, but I feel it should be running better than it is now.

HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:45 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6533C096-0400-7DAB-0017-5D00B8C98D91} - C:\WINDOWS\system32\mlebq.dll (file missing)
O2 - BHO: (no name) - {6C299039-8A39-4CA0-9E3B-CF513A68B886} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [a846c692] rundll32.exe "C:\WINDOWS\system32\dcdinqyw.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BMab75f50e] Rundll32.exe "C:\WINDOWS\system32\spoxyhnp.dll",s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" -vt ndrv
O4 - HKCU\..\Run: [Rlnc] C:\WINDOWS\??sks\?ttrib.exe
O4 - HKCU\..\Run: [Ywe] "C:\Documents and Settings\Owner\My Documents\s?curity\w?auclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: qomliff - qomliff.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11453 bytes
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am
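
Added example (not part of the original posts, and not a HijackThis or MalwareRemoval.com tool): a Python triage pass over lines excerpted from the log above, tying the two RunDLL startup errors to the Run values that still launch the missing DLLs. The flagging rules and the names `triage`, `Finding` and `stale_run_values` are assumptions of this example; it only reads log text and changes nothing on the machine.

```python
import re
from dataclasses import dataclass, field

# Lines excerpted from the first HijackThis log in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6533C096-0400-7DAB-0017-5D00B8C98D91} - C:\WINDOWS\system32\mlebq.dll (file missing)
O4 - HKLM\..\Run: [a846c692] rundll32.exe "C:\WINDOWS\system32\dcdinqyw.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMab75f50e] Rundll32.exe "C:\WINDOWS\system32\spoxyhnp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rlnc] C:\WINDOWS\??sks\?ttrib.exe
O4 - HKCU\..\Run: [Ywe] "C:\Documents and Settings\Owner\My Documents\s?curity\w?auclt.exe"
O20 - Winlogon Notify: qomliff - qomliff.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# DLL paths quoted in the two RunDLL startup error dialogs in the post.
RUNDLL_ERRORS = [
    r"C:\WINDOWS\system32\dcdinqyw.dll",
    r"C:\WINDOWS\system32\spoxyhnp.dll",
]

# "O4 - <body>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32.exe "path\to.dll",export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', re.I)
# A backslash-delimited path component containing '?', i.e. a character
# the log could not render (URL query strings have no backslash before '?').
UNRENDERED_RE = re.compile(r'\\[^\\"/]*\?')
ORPHAN_MARKS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "O4"
    name: str      # Run value name, empty for other sections
    line: str      # the original log line
    reasons: list = field(default_factory=list)


def triage(log_text, rundll_errors=()):
    """Return the log entries worth a second look, with the reason for each."""
    error_dlls = {p.lower() for p in rundll_errors}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry.group("code"), entry.group("body")
        name, reasons = "", []
        if body.endswith(ORPHAN_MARKS):
            reasons.append("orphaned")            # registry entry outlived its file
        if UNRENDERED_RE.search(body):
            reasons.append("unrendered-char")     # '?' inside a file path
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            name = run.group("name")
            dll = RUNDLL_RE.match(run.group("cmd"))
            if dll:
                reasons.append("rundll32-autorun")
                if dll.group("dll").lower() in error_dlls:
                    # Same DLL as a "module could not be found" dialog:
                    # the file is gone but the Run value still fires at logon.
                    reasons.append("stale-run-value")
        if reasons:
            findings.append(Finding(code, name, line, reasons))
    return findings


def stale_run_values(findings):
    """Run value names that explain the RunDLL startup errors."""
    return [f.name for f in findings if "stale-run-value" in f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, RUNDLL_ERRORS):
        print(f"{f.code:<4}{', '.join(f.reasons):<36}{f.line}")
```
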

Re: Computer is running slow

Post by Shaba » June 1st, 2008, 4:57 am

Hi Dreemerz

Does Symantec have firewall/antivirus?

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, click on Tools.
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Post by Dreemerz » June 1st, 2008, 5:01 pm

Shaba wrote: Does Symantec have firewall/antivirus?


Symantec expired on this computer a long time ago if I remember correctly. It's why I put Avast! and ZoneAlarm on here. I wasn't even aware that Symantec was still on the computer.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:31 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6533C096-0400-7DAB-0017-5D00B8C98D91} - C:\WINDOWS\system32\mlebq.dll (file missing)
O2 - BHO: (no name) - {6C299039-8A39-4CA0-9E3B-CF513A68B886} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [a846c692] rundll32.exe "C:\WINDOWS\system32\dcdinqyw.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BMab75f50e] Rundll32.exe "C:\WINDOWS\system32\spoxyhnp.dll",s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" -vt ndrv
O4 - HKCU\..\Run: [Rlnc] C:\WINDOWS\??sks\?ttrib.exe
O4 - HKCU\..\Run: [Ywe] "C:\Documents and Settings\Owner\My Documents\s?curity\w?auclt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O20 - Winlogon Notify: qomliff - qomliff.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10682 bytes


ComboFix Log

ComboFix 08-06-01.3 - Owner 2008-06-01 13:33:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.114 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\MBOLS~1
C:\Documents and Settings\Owner\Application Data\MCROSO~1.NET
C:\Documents and Settings\Owner\My Documents\DOBE~1
C:\Documents and Settings\Owner\My Documents\PPPATC~1
C:\Documents and Settings\Owner\My Documents\SCURIT~1
C:\Documents and Settings\Owner\My Documents\SEMBLY~1
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\icroso~1.net
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\racle~1
C:\Program Files\RcvSystem
C:\Program Files\scurit~1
C:\WINDOWS\BMab75f50e.xml
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\pskt.ini
C:\WINDOWS\sks~1
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\stem~1
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\gaxdxptw.ini
C:\WINDOWS\system32\gkkgfmwu.ini
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\kgdcgavv.ini
C:\WINDOWS\system32\ktbbltvg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjuhnysk.ini
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\vwhxmnxp.ini
C:\WINDOWS\system32\xsxaucjv.ini
C:\WINDOWS\system32\xyasvsqn.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-30 21:12 . 2008-05-30 21:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-05-30 13:37 . 2008-05-30 13:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 13:24 . 2008-05-30 13:24 <DIR> d-------- C:\Program Files\Gus Verdun
2008-05-30 13:19 . 2008-05-30 13:21 <DIR> d-------- C:\Program Files\AIM6
2008-05-30 10:51 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-30 10:51 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-30 10:51 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-30 10:51 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-30 10:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-30 10:51 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-05-30 10:51 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-30 10:50 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-30 10:50 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-30 10:50 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-30 10:50 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-30 10:50 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-30 10:50 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-30 10:48 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-30 10:48 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-30 10:48 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-30 10:48 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-30 10:48 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-05-30 10:47 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-30 10:47 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-05-30 10:42 . 2008-05-30 11:59 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-05-30 10:36 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-30 10:25 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-30 10:25 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-29 13:33 . 2008-05-29 13:33 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-29 13:33 . 2008-05-29 13:33 681 --a------ C:\WINDOWS\mozver.dat
2008-05-24 17:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-24 17:08 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-24 17:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-24 03:07 . 2008-05-24 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-24 02:40 . 2008-05-24 02:40 <DIR> d-------- C:\Program Files\KeyScrambler
2008-05-24 02:40 . 2008-03-22 14:37 113,896 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2008-05-23 22:28 . 2008-05-31 23:41 <DIR> d-------- C:\Program Files\City of Heroes
2008-05-23 22:18 . 2008-05-23 22:18 <DIR> d-------- C:\Logs
2008-05-23 20:47 . 2008-05-23 20:54 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-05-23 20:46 . 2008-05-23 20:46 268 --ah----- C:\sqmdata00.sqm
2008-05-23 20:46 . 2008-05-23 20:46 244 --ah----- C:\sqmnoopt00.sqm
2008-05-23 20:45 . 2008-05-23 20:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-23 19:20 . 2008-05-23 20:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-23 19:18 . 2008-05-23 20:51 <DIR> d-------- C:\Program Files\Windows Live
2008-05-23 19:17 . 2008-05-23 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 18:57 . 2008-05-23 22:22 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 18:57 . 2008-05-23 18:57 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 18:40 . 2008-05-23 18:40 <DIR> d-------- C:\Program Files\Razer
2008-05-23 18:40 . 2001-01-03 19:12 162,900 --------- C:\WINDOWS\system32\drivers\USBICP.sys
2008-05-23 18:40 . 2006-11-22 14:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl
2008-05-23 18:40 . 2006-11-14 15:29 22,144 --a------ C:\WINDOWS\system32\drivers\dadder.sys
2008-05-23 18:32 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-23 18:32 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-23 18:29 . 2008-05-23 18:29 0 --a------ C:\WINDOWS\system32\drivers\SET21.tmp
2008-05-23 18:25 . 2008-05-23 18:25 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2008-05-23 18:25 . 2008-05-23 18:25 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-05-23 18:25 . 2008-05-23 18:25 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-05-23 18:25 . 2008-05-23 18:25 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-05-23 18:23 . 2008-05-23 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-15 16:34 . 2008-05-15 16:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 16:34 . 2008-05-15 16:34 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 20:41 7,292,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 20:39 86,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-30 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-30 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-05-30 19:05 --------- d-----w C:\Program Files\Viewpoint
2008-05-30 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-25 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-24 02:00 --------- d-----w C:\Program Files\Napster
2008-05-24 02:00 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-24 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-05-24 01:58 --------- d-----w C:\Program Files\LimeWire
2008-05-24 01:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 01:52 --------- d-----w C:\Program Files\Kazaa
2008-04-07 22:58 --------- d-----w C:\Program Files\TBONBin
2008-04-07 22:57 --------- d-----w C:\Program Files\QuickTime
2008-04-06 23:15 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-06 23:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 23:13 --------- d-----w C:\Program Files\SymNetDrv
2008-04-06 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 21:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-06 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 01:42 --------- d-----w C:\Program Files\McAfee
2008-04-04 01:38 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-04-04 01:36 --------- d-----w C:\Program Files\Zone Labs
2008-04-04 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-04 01:27 --------- d-----w C:\Program Files\Alwil Software
2008-04-04 01:26 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-04 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-04 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-04 01:23 --------- d-----w C:\Program Files\Lavasoft
2008-04-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 01:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 01:15 --------- d-----w C:\Program Files\hkSFV
2008-03-14 06:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-01-18 03:13 6,226 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-09-11 22:31 56 -csh--r C:\WINDOWS\system32\CAF16C28D1.sys
2006-09-11 22:31 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
-c--a-w            49,152 2008-03-12 07:49:32  C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
-c--a-w           159,832 2008-03-12 07:50:01  C:\Program Files\Common Files\AOL\1131080439\ee\AOLHostManager .exe
-c--a-w            81,920 2008-03-12 07:50:26  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
-c--a-w           249,856 2008-03-08 07:51:37  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
-c--a-w           249,856 2008-03-12 07:50:08  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
-c--a-w            58,992 2008-03-12 07:49:15  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
-c--a-w         1,228,800 2008-03-12 07:49:28  C:\Program Files\D-Link\AirPlus G\AirGCFG .exe
-c--a-w                 0 2008-03-12 07:50:10  C:\Program Files\FilmLoop Player\FilmLoop .exe
-c--a-w           278,528 2008-03-12 07:49:58  C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w            36,975 2008-03-12 07:49:48  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
-c--a-w            57,344 2008-03-12 07:49:40  C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
-c--a-w         1,694,208 2008-03-12 10:00:03  C:\Program Files\Messenger\msmsgs .exe
-c--a-w           155,648 2008-03-12 07:50:31  C:\Program Files\QuickTime\qttask                 .exe
-c--a-w            26,112 2008-03-12 07:49:58  C:\Program Files\Real\RealPlayer\RealPlay .exe
-c--a-w           100,056 2008-03-12 07:49:21  C:\Program Files\SymNetDrv\SNDMon .exe
-c--a-w         3,404,800 2008-03-05 01:05:38  C:\Program Files\Webroot\Spy Sweeper\SpySweeper      .exe
----a-w         3,084,288 2008-03-04 08:14:11  C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w            15,360 2008-02-28 06:09:10  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6533C096-0400-7DAB-0017-5D00B8C98D91}]
C:\WINDOWS\system32\mlebq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C299039-8A39-4CA0-9E3B-CF513A68B886}]
C:\WINDOWS\system32\pmnlj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-03 18:38 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-03 18:38 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"tbon"="C:\Program Files\TBONBin\tbon.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Cpue"="C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" [ ]
"Rlnc"="C:\WINDOWS\??sks\?ttrib.exe" [ ]
"Ywe"="C:\Documents and Settings\Owner\My Documents\s?curity\w?auclt.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 13:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a846c692"="C:\WINDOWS\system32\dcdinqyw.dll" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"BMab75f50e"="C:\WINDOWS\system32\spoxyhnp.dll" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-06 16:13 111840]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-05-23 18:25 221184 C:\WINDOWS\SnoopFreeUI.exe]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30 159744]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-19 15:25:37 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-19 15:25:37 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomliff]
qomliff.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a--c--- 2004-03-19 14:17 78960 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a--c--- 2004-11-15 15:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\1131080439\\ee\\aolservicehost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 KeyScramblerDrv;KeyScramblerDrv;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 14:37]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 17:04]
S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 15:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 20:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-5552C4542A-Owner).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:41:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\SnoopFreeDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SnoopFreeSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-01 13:54:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 20:53:53

Pre-Run: 61,389,651,968 bytes free
Post-Run: 61,474,488,320 bytes free

351 --- E O F --- 2008-05-28 10:03:56
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Post by Shaba » June 2nd, 2008, 10:30 am

Hi

Open notepad and copy/paste the text in the codebox below into it:

RenV::
-c--a-w            49,152 2008-03-12 07:49:32  C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
-c--a-w           159,832 2008-03-12 07:50:01  C:\Program Files\Common Files\AOL\1131080439\ee\AOLHostManager .exe
-c--a-w            81,920 2008-03-12 07:50:26  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
-c--a-w           249,856 2008-03-08 07:51:37  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
-c--a-w           249,856 2008-03-12 07:50:08  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
-c--a-w            58,992 2008-03-12 07:49:15  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
-c--a-w         1,228,800 2008-03-12 07:49:28  C:\Program Files\D-Link\AirPlus G\AirGCFG .exe
-c--a-w                 0 2008-03-12 07:50:10  C:\Program Files\FilmLoop Player\FilmLoop .exe
-c--a-w           278,528 2008-03-12 07:49:58  C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w            36,975 2008-03-12 07:49:48  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
-c--a-w            57,344 2008-03-12 07:49:40  C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
-c--a-w         1,694,208 2008-03-12 10:00:03  C:\Program Files\Messenger\msmsgs .exe
-c--a-w           155,648 2008-03-12 07:50:31  C:\Program Files\QuickTime\qttask                 .exe
-c--a-w            26,112 2008-03-12 07:49:58  C:\Program Files\Real\RealPlayer\RealPlay .exe
-c--a-w           100,056 2008-03-12 07:49:21  C:\Program Files\SymNetDrv\SNDMon .exe
-c--a-w         3,404,800 2008-03-05 01:05:38  C:\Program Files\Webroot\Spy Sweeper\SpySweeper      .exe
----a-w         3,084,288 2008-03-04 08:14:11  C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w            15,360 2008-02-28 06:09:10  C:\WINDOWS\system32\ctfmon .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6533C096-0400-7DAB-0017-5D00B8C98D91}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C299039-8A39-4CA0-9E3B-CF513A68B886}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-
"Cpue"="-
"Rlnc"=-
"Ywe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a846c692"=-
"BMab75f50e"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomliff]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
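
A triage pass over the Run-key lines of the first log, plus a syntax check of the CFScript Registry:: block, as an added Python example that is not part of the original posts or of ComboFix. The two heuristics (empty `[ ]` file details, `?` in a path) and all function names are assumptions of this example; the sample lines are copied from the thread.

```python
import re

# Sample input: Run-key lines copied from "Reg Loading Points" in the first log.
RUN_KEYS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"tbon"="C:\Program Files\TBONBin\tbon.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Cpue"="C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" [ ]
"Rlnc"="C:\WINDOWS\??sks\?ttrib.exe" [ ]
"Ywe"="C:\Documents and Settings\Owner\My Documents\s?curity\w?auclt.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 13:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a846c692"="C:\WINDOWS\system32\dcdinqyw.dll" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"BMab75f50e"="C:\WINDOWS\system32\spoxyhnp.dll" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-06 16:13 111840]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-05-23 18:25 221184 C:\WINDOWS\SnoopFreeUI.exe]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30 159744]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
'''

# Sample input: the Registry:: block of the CFScript, copied as posted.
CFSCRIPT_REGISTRY = r'''
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6533C096-0400-7DAB-0017-5D00B8C98D91}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C299039-8A39-4CA0-9E3B-CF513A68B886}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-
"Cpue"="-
"Rlnc"=-
"Ywe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a846c692"=-
"BMab75f50e"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomliff]
'''

KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')                      # [key] or [-key]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # log line: "name"="path" [details]
# REGEDIT4 value lines: "name"=- (delete), quoted string, dword: or hex: data.
VALUE_RE = re.compile(r'^"[^"]+"=(-|"(?:[^"\\]|\\.)*"|dword:[0-9a-fA-F]{1,8}'
                      r'|hex(?:\([0-9a-fA-F]+\))?:[0-9a-fA-F,\\ ]*)$')


def parse_run_entries(text):
    """Return one dict per value listed under a registry key header."""
    entries, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = KEY_RE.match(line)
        if header:
            key = header.group(2)
            continue
        entry = ENTRY_RE.match(line)
        if entry and key:
            entries.append({"key": key, "name": entry.group(1),
                            "target": entry.group(2), "meta": entry.group(3).strip()})
    return entries


def triage(entries):
    """Map value name -> reasons it deserves a closer look (heuristics, not verdicts)."""
    findings = {}
    for e in entries:
        reasons = []
        if not e["meta"]:
            # Assumption: empty brackets mean no file date/size could be read.
            reasons.append("no file date/size")
        if "?" in e["target"]:
            # '?' is not legal in a Windows file name, so it marks a character
            # the log could not render.
            reasons.append("'?' in path")
        if reasons:
            findings[e["name"]] = reasons
    return findings


def lint_registry_block(script):
    """Return (line number, text) for Registry:: lines that are not valid REGEDIT4."""
    bad, in_registry = [], False
    for number, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.endswith("::"):            # section header such as RenV:: or Registry::
            in_registry = line == "Registry::"
            continue
        if not in_registry or not line:
            continue
        if not (KEY_RE.match(line) or VALUE_RE.match(line)):
            bad.append((number, line))
    return bad


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(RUN_KEYS)).items():
        print(f"review {name}: {', '.join(reasons)}")
    for number, line in lint_registry_block(CFSCRIPT_REGISTRY):
        print(f"malformed Registry:: line {number}: {line}")
```

On the thread's data the triage flags the same six Run values the script targets, and the syntax check reports the `"Cpue"="-` line; the follow-up log still lists "Cpue" under the HKEY_CURRENT_USER Run key.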

Re: Computer is running slow

Post by Dreemerz » June 2nd, 2008, 2:26 pm

ComboFix Log

ComboFix 08-06-01.3 - Owner 2008-06-02 11:13:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.172 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\RCX8A.tmp
C:\WINDOWS\system32\RCXA2.tmp
C:\WINDOWS\system32\RCXA3.tmp
C:\WINDOWS\system32\wintsvtr32.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-05-30 21:12 . 2008-05-30 21:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-05-30 13:37 . 2008-05-30 13:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 13:24 . 2008-05-30 13:24 <DIR> d-------- C:\Program Files\Gus Verdun
2008-05-30 13:19 . 2008-05-30 13:21 <DIR> d-------- C:\Program Files\AIM6
2008-05-30 10:51 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-30 10:51 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-30 10:51 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-30 10:51 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-30 10:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-30 10:51 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-05-30 10:51 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-30 10:51 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-30 10:50 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-30 10:50 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-30 10:50 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-30 10:50 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-30 10:50 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-30 10:50 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-30 10:48 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-30 10:48 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-30 10:48 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-30 10:48 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-30 10:48 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-30 10:48 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-05-30 10:47 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-30 10:47 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-05-30 10:42 . 2008-05-30 11:59 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-05-30 10:36 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-30 10:25 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-30 10:25 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-29 13:33 . 2008-05-29 13:33 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-29 13:33 . 2008-05-29 13:33 681 --a------ C:\WINDOWS\mozver.dat
2008-05-24 17:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-24 17:08 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-24 17:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-24 03:07 . 2008-05-24 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-24 02:40 . 2008-05-24 02:40 <DIR> d-------- C:\Program Files\KeyScrambler
2008-05-24 02:40 . 2008-03-22 14:37 113,896 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2008-05-23 22:28 . 2008-06-01 14:08 <DIR> d-------- C:\Program Files\City of Heroes
2008-05-23 22:18 . 2008-05-23 22:18 <DIR> d-------- C:\Logs
2008-05-23 20:47 . 2008-05-23 20:54 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-05-23 20:46 . 2008-05-23 20:46 268 --ah----- C:\sqmdata00.sqm
2008-05-23 20:46 . 2008-05-23 20:46 244 --ah----- C:\sqmnoopt00.sqm
2008-05-23 20:45 . 2008-05-23 20:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-23 19:20 . 2008-05-23 20:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-23 19:18 . 2008-05-23 20:51 <DIR> d-------- C:\Program Files\Windows Live
2008-05-23 19:17 . 2008-05-23 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 18:57 . 2008-05-23 22:22 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-23 18:57 . 2008-05-23 18:57 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 18:40 . 2008-05-23 18:40 <DIR> d-------- C:\Program Files\Razer
2008-05-23 18:40 . 2001-01-03 19:12 162,900 --------- C:\WINDOWS\system32\drivers\USBICP.sys
2008-05-23 18:40 . 2006-11-22 14:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl
2008-05-23 18:40 . 2006-11-14 15:29 22,144 --a------ C:\WINDOWS\system32\drivers\dadder.sys
2008-05-23 18:32 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-23 18:32 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-23 18:29 . 2008-05-23 18:29 0 --a------ C:\WINDOWS\system32\drivers\SET21.tmp
2008-05-23 18:25 . 2008-05-23 18:25 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2008-05-23 18:25 . 2008-05-23 18:25 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-05-23 18:25 . 2008-05-23 18:25 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-05-23 18:25 . 2008-05-23 18:25 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-05-23 18:23 . 2008-05-23 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-15 16:34 . 2008-05-15 16:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 16:34 . 2008-05-15 16:34 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 18:18 7,403,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 18:13 --------- d-----w C:\Program Files\SymNetDrv
2008-06-02 18:13 --------- d-----w C:\Program Files\QuickTime
2008-06-02 18:13 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-06-02 18:13 --------- d-----w C:\Program Files\iTunes
2008-06-02 18:13 --------- d-----w C:\Program Files\FilmLoop Player
2008-06-02 18:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-02 06:50 87,524 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 20:40 1,653,454 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-30 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-30 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-05-30 19:05 --------- d-----w C:\Program Files\Viewpoint
2008-05-30 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-25 00:45 1,536,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-25 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-24 02:00 --------- d-----w C:\Program Files\Napster
2008-05-24 02:00 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-24 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-05-24 01:58 --------- d-----w C:\Program Files\LimeWire
2008-05-24 01:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 01:52 --------- d-----w C:\Program Files\Kazaa
2008-05-10 01:52 2,896,896 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-09 06:03 881,664 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-07 22:58 --------- d-----w C:\Program Files\TBONBin
2008-04-06 23:15 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-06 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 21:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-06 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 01:52 19,698,978 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_03_18_43_28_full.dmp.zip
2008-04-04 01:42 --------- d-----w C:\Program Files\McAfee
2008-04-04 01:38 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-04-04 01:36 --------- d-----w C:\Program Files\Zone Labs
2008-04-04 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-04 01:27 --------- d-----w C:\Program Files\Alwil Software
2008-04-04 01:26 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-04 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-04 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-04 01:23 --------- d-----w C:\Program Files\Lavasoft
2008-04-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 01:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 01:15 --------- d-----w C:\Program Files\hkSFV
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 06:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 06:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-01-18 03:13 6,226 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-09-11 22:31 56 -csh--r C:\WINDOWS\system32\CAF16C28D1.sys
2006-09-11 22:31 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-01_13.53.01.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 20:40:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 18:00:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-04 19:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2008-02-28 06:09:10 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2004-08-04 19:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-02-28 06:09:10 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-06-02 18:00:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_28c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-03 18:38 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-03 18:38 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-27 23:09 15360]
"Cpue"="C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 13:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-12 00:49 100056]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-05-23 18:25 221184 C:\WINDOWS\SnoopFreeUI.exe]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30 159744]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-19 15:25:37 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-19 15:25:37 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48 176128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a--c--- 2004-03-19 14:17 78960 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2008-03-12 00:49 58992 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2008-03-12 03:00 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-12 00:50 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a--c--- 2004-11-15 15:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\1131080439\\ee\\aolservicehost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 KeyScramblerDrv;KeyScramblerDrv;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 14:37]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 17:04]
S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 15:29]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 18:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-5552C4542A-Owner).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 11:18:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 11:21:33
ComboFix-quarantined-files.txt 2008-06-02 18:21:26
ComboFix2.txt 2008-06-01 20:54:17

Pre-Run: 61,163,499,520 bytes free
Post-Run: 61,141,311,488 bytes free

267 --- E O F --- 2008-05-28 10:03:56

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:07 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" -vt ndrv
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9915 bytes
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Unread postby Shaba » June 3rd, 2008, 9:45 am

Hi

Does Symantec have antivirus and/or firewall?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Unread postby Dreemerz » June 3rd, 2008, 2:31 pm

Shaba wrote: Hi

Does Symantec have antivirus and/or firewall?


Not that I know of. I wasn't even aware it was still on this computer. If I remember correctly, it was just a trial version and the time on it ran out a while back. I thought it had been removed. It doesn't even appear to be running to me when the computer is on.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Unread postby Shaba » June 4th, 2008, 9:35 am

Hi

Please follow these instructions and post back a fresh HijackThis log after that :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Unread postby Dreemerz » June 4th, 2008, 2:10 pm

I don't know which version of Norton it is and don't know which steps to use. Also, it doesn't appear in the add/remove programs list.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Unread postby Shaba » June 5th, 2008, 9:22 am

Hi

When did you purchase the computer?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Unread postby Dreemerz » June 5th, 2008, 2:15 pm

About 3 years ago I believe.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Unread postby Shaba » June 6th, 2008, 11:39 am

Hi

So it should be Norton 2004 or Norton 2005 then.

Please try those instructions :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Unread postby Dreemerz » June 6th, 2008, 2:29 pm

The removal tool did the trick. It appears to be gone from the computer now. Here is the fresh HijackThis log like you asked for earlier.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:44 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\YSTEM3~1\netdde.exe" -vt ndrv
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9366 bytes
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Computer is running slow

Unread postby Shaba » June 7th, 2008, 5:03 am

Hi

Yes it did :)

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
    Image
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer only! Keep ALL other programs closed during the scan.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer is running slow

Unread postby Dreemerz » June 8th, 2008, 5:30 am

Hi

I've been trying off and on all day to get that link to work. Every time I try to visit it though, no page loads up. Internet Explorer ends up giving me this message after trying to load it.

Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information

I am connected to the internet. I can visit all other sites no problem. There shouldn't be an error in the address since I'm getting it directly from your link. I'm guessing the site is having problems, because not even http://www.kaspersky.com will load up.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am