It would not let me run the ESET scanner online. After asking me to install the software, I simply get a red X on the web site (like when an image fails to load). My computer is still running as it was before. IE and other browsers are constantly freezing or taking forever to load pages (with the little hourglass cursor), and when I type the cursor still does not keep up. It takes a second or two. It's like I'm typing blind.
Here are the log files you requested:
ComboFix 09-02-10.01 - petercguerra 2009-02-10 15:28:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.133 [GMT -8:00]
Running from: c:\documents and settings\petercguerra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\petercguerra\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\System32\autodisc32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Soulseek
c:\documents and settings\All Users\Application Data\Soulseek\attributes.cfg
c:\documents and settings\petercguerra\Application Data\FrostWire
c:\documents and settings\petercguerra\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\petercguerra\Application Data\FrostWire\checkandupdate.txt
c:\documents and settings\petercguerra\Application Data\FrostWire\createtimes.cache
c:\documents and settings\petercguerra\Application Data\FrostWire\downloads.dat
c:\documents and settings\petercguerra\Application Data\FrostWire\fileurns.bak
c:\documents and settings\petercguerra\Application Data\FrostWire\fileurns.cache
c:\documents and settings\petercguerra\Application Data\FrostWire\filters.props
c:\documents and settings\petercguerra\Application Data\FrostWire\frostwire.props
c:\documents and settings\petercguerra\Application Data\FrostWire\gnutella.net
c:\documents and settings\petercguerra\Application Data\FrostWire\installation.props
c:\documents and settings\petercguerra\Application Data\FrostWire\intent.props
c:\documents and settings\petercguerra\Application Data\FrostWire\library.dat
c:\documents and settings\petercguerra\Application Data\FrostWire\mojito.props
c:\documents and settings\petercguerra\Application Data\FrostWire\questions.props
c:\documents and settings\petercguerra\Application Data\FrostWire\responses.cache
c:\documents and settings\petercguerra\Application Data\FrostWire\simpp.xml
c:\documents and settings\petercguerra\Application Data\FrostWire\spam.dat
c:\documents and settings\petercguerra\Application Data\FrostWire\tables.props
c:\documents and settings\petercguerra\Application Data\FrostWire\themes\frostwirePro_theme.fwtp
c:\documents and settings\petercguerra\Application Data\FrostWire\themes\frostwirePro_theme\theme.txt
c:\documents and settings\petercguerra\Application Data\FrostWire\themes\frostwirePro_theme\version.txt
c:\documents and settings\petercguerra\Application Data\FrostWire\ttrees.cache
c:\documents and settings\petercguerra\Application Data\FrostWire\ttroot.cache
c:\documents and settings\petercguerra\Application Data\FrostWire\version.xml
c:\documents and settings\petercguerra\Application Data\FrostWire\xml\data\audio.sxml2
c:\documents and settings\petercguerra\Application Data\FrostWire\xml\data\video.sxml2
c:\documents and settings\petercguerra\Application Data\uTorrent
c:\documents and settings\petercguerra\Application Data\uTorrent\[Discografia] - A.F.I.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\A.F.I.'s Discography.1.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\A.F.I.'s Discography.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\AFI's Discography.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\AFI - Decemberunderground (2006) - 196kbps -- BrP [www slotorrent net].torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\AFI - Decemberunderground [Deluxe Cab Edition] (2006).torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\AFI Rarities.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\Answer That & Stay Fashionable.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\Cubase.SX.v3.1.1.944-H2O.with.ED.SX3.Video.Tutorials-DELiRiUM.DVDr.UNOX.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\dht.dat
c:\documents and settings\petercguerra\Application Data\uTorrent\Jedi Mind Tricks Discography.torrent
c:\documents and settings\petercguerra\Application Data\uTorrent\resume.dat
c:\documents and settings\petercguerra\Application Data\uTorrent\resume.dat.old
c:\documents and settings\petercguerra\Application Data\uTorrent\rss.dat
c:\documents and settings\petercguerra\Application Data\uTorrent\settings.dat
c:\documents and settings\petercguerra\Application Data\uTorrent\VA - Above And Beyond Anjunabeats 100.www.lokotorrents.com.torrent
c:\program files\FrostWire
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\seenMessages.dat
.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-09 15:06 . 2009-02-09 15:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-06 12:57 . 2009-02-06 12:57 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 12:54 . 2009-02-06 12:54 <DIR> d-------- c:\windows\ERUNT
2009-02-06 12:43 . 2009-02-06 13:32 <DIR> d-------- C:\SDFix
2009-02-05 17:31 . 2009-02-05 17:31 <DIR> d-------- c:\program files\IObit
2009-02-05 17:31 . 2009-02-05 17:41 <DIR> d-------- c:\documents and settings\petercguerra\Application Data\IObit
2009-02-05 16:47 . 2009-02-05 16:47 <DIR> d-------- c:\documents and settings\petercguerra\Application Data\uniblue
2009-02-05 16:45 . 2009-02-05 16:45 <DIR> d-------- c:\program files\Uniblue
2009-02-05 16:25 . 2009-02-05 16:25 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-05 16:25 . 2009-02-05 16:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-05 16:25 . 2009-02-05 16:25 <DIR> d-------- c:\program files\MSBuild
2009-02-05 16:23 . 2009-02-05 16:24 <DIR> d-------- C:\0911de9341dfa14d530f
2009-02-05 16:23 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-05 16:23 . 2008-07-06 04:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-05 16:23 . 2008-07-06 02:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-05 16:23 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-05 16:23 . 2008-07-06 04:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-05 16:23 . 2008-07-06 04:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-05 16:23 . 2008-07-06 04:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-05 16:22 . 2009-02-05 16:38 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-05 15:57 . 2009-02-05 15:57 <DIR> dr-h----- C:\AHCache
2009-02-05 15:47 . 2009-02-05 15:47 <DIR> d-------- c:\program files\BillP Studios
2009-02-05 15:47 . 2009-02-05 15:47 <DIR> d-------- c:\documents and settings\petercguerra\Application Data\WinPatrol
2009-02-02 10:59 . 2009-02-02 10:59 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 10:43 . 2009-02-02 16:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-02 10:43 . 2009-02-02 19:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 09:34 . 2009-01-31 09:34 <DIR> d-------- c:\windows\system32\scripting
2009-01-31 09:34 . 2009-01-31 09:34 <DIR> d-------- c:\windows\system32\en
2009-01-31 09:34 . 2009-01-31 09:34 <DIR> d-------- c:\windows\system32\bits
2009-01-31 09:34 . 2009-01-31 09:34 <DIR> d-------- c:\windows\l2schemas
2009-01-31 09:30 . 2009-01-31 09:35 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-31 09:18 . 2009-01-31 09:18 <DIR> d-------- c:\windows\EHome
2009-01-31 00:24 . 2009-01-31 00:24 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 23:33 . 2009-02-02 19:23 <DIR> d-------- c:\program files\DivX
2009-01-27 21:53 . 2009-02-05 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-27 17:03 . 2009-01-27 17:03 <DIR> d-------- c:\program files\AVG
2009-01-24 14:03 . 2009-01-24 14:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-21 19:54 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-01-21 19:54 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-01-21 19:54 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-01-21 19:54 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-01-21 19:54 . 2008-04-13 16:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-01-21 19:54 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-01-21 19:54 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-01-21 19:54 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-01-21 19:54 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-01-21 19:54 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-01-21 19:54 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 23:26 --------- d-----w c:\program files\Orbitdownloader
2009-02-10 21:35 --------- d-----w c:\documents and settings\petercguerra\Application Data\Orbit
2009-02-09 23:03 --------- d-----w c:\program files\Java
2009-02-06 01:52 --------- d-----w c:\program files\Zune
2009-02-06 01:52 --------- d-----w c:\program files\Full Tilt Poker
2009-02-06 01:52 --------- d-----w c:\program files\AIM6
2009-02-06 01:52 --------- d-----w c:\documents and settings\petercguerra\Application Data\Mp3tag
2009-02-06 01:52 --------- d-----w c:\documents and settings\petercguerra\Application Data\ICAClient
2009-02-03 02:08 --------- d-sh--w c:\program files\AKProg
2009-01-16 21:11 --------- d-----w c:\program files\WM Converter
2009-01-13 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-13 23:05 --------- d-----w c:\program files\Yahoo!
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-12 04:00 218,376 ----a-w c:\windows\system32\klogon.dll
2008-11-10 20:23 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-11-10 20:23 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 20:09 73,728 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 20:09 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-11-10 20:09 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-11-10 20:09 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 20:09 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-11-10 20:09 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_17.15.00.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-10 21:34:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\petercguerra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 995328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-09-19 1690824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ac4be38b517]
c:\windows\System32\autodisc32.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AEB5E]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wltrysvc
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
*Deregistered* - ZuneBusEnum
.
Contents of the 'Scheduled Tasks' folder
2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-725345543-1004.job
- c:\documents and settings\petercguerra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 18:03]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\petercguerra\Application Data\Mozilla\Firefox\Profiles\uvuf1xuw.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 15:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\windows\explorer.exe [212] 0x834ED020
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-10 15:34:47
ComboFix-quarantined-files.txt 2009-02-10 23:33:27
ComboFix2.txt 2009-02-10 21:55:16
Pre-Run: 7,961,292,800 bytes free
Post-Run: 7,938,895,872 bytes free
289
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:04 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\petercguerra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\petercguerra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: ac4be38b517 - C:\WINDOWS\System32\autodisc32.dll (file missing)
O20 - Winlogon Notify: __c00AEB5E - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9121 bytes