Computer is very slow and shuts down

March 28, 2010 at 09:26:39
Specs: Windows Vista
The main problem that I am having is that my laptop runs very slow and frequently shuts down. Here are some of the details that I can provide.
- I probably have a virus because something is accessing my hotmail account and sending out spam e-mails to my contacts with a link to a site that sells drugs, i.e. Viagra
- When I run multiple applications the fan goes crazy and usually leads to the computer shutting down
- With one explorer screen open my computer runs between 10 - 30% CPU usage and approximately 80 - 85% physical memory
- In the processes tab of task manager there is always Kaspersky AV scanner running and that is not the anti-virus program that I am running (I have Bell Internet Security). When I try to end process on Kaspersky it closes and reopens. When I right click on it and try to open file location nothing happens.
- I have tried registry cleaners and my virus program is not finding the source of the infection.

Any help would be great as I am ready to take a sledgehammer to my laptop!



#1
March 28, 2010 at 10:04:41
Bell/AT&T does not have an antivirus so they pay someone else to do the av part of their security package.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



#2
March 28, 2010 at 12:04:06
Which reports are you referring to?


#3
March 28, 2010 at 14:20:50
I assume this is the report that you are referring to:
Malwarebytes' Anti-Malware 1.44
Database version: 3924
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

28/03/2010 4:09:03 PM
mbam-log-2010-03-28 (16-09-03).txt

Scan type: Quick Scan
Objects scanned: 123408
Time elapsed: 29 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\TMP0000000120090A805BD1324A (Trojan.Dropper) -> Quarantined and deleted successfully.


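As an added example (not from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x log format posted above: it reconciles the summary counts at the top with the itemised sections, tallies detections by threat family, and lists anything MBAM could only schedule for the next reboot. The log embedded in it is a constructed excerpt in the same layout as the posted report.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and summarise the findings.

Added example, not from the thread or from Malwarebytes. SAMPLE_LOG is a
constructed excerpt in the same format as the report posted above.
"""
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.44 log layout (summary counts first, then itemised sections).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3924
Windows 6.0.6002 Service Pack 2

Scan type: Quick Scan
Objects scanned: 123408

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Delete on reboot.

Files Infected:
C:\Windows\Temp\TMP0000000120090A805BD1324A (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<threat family>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, detections); each detection is a dict with
    section, item, threat and action."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def tally_by_family(detections):
    """Detections per threat family (e.g. Adware.MyWebSearch)."""
    return Counter(d["threat"] for d in detections)


def summary_mismatches(summary, detections):
    """Sections whose summary count disagrees with the items actually listed.

    Returns {section: (summary_count, listed_count)}; empty when the log is consistent.
    """
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}


def pending_reboot(detections):
    """Items MBAM could only schedule for removal at next boot (hence the restart prompt in #1)."""
    return [d["item"] for d in detections if "reboot" in d["action"].lower()]


if __name__ == "__main__":
    summary, found = parse_mbam_log(SAMPLE_LOG)
    for family, n in tally_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    print("inconsistent sections:", summary_mismatches(summary, found) or "none")
    print("pending reboot:", pending_reboot(found) or "none")
```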

#4
March 28, 2010 at 14:25:03
These reports help determine what method to use to remove the virus and find the bad files.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

And the Malwarebytes report that you have already sent.



#5
March 28, 2010 at 18:04:08
DDS (Ver_10-03-17.01) - NTFSx86
Run by Leo at 20:58:46.33 on 28/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.102 [GMT -4:00]

AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Bell Internet Security Services Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Bell Internet Security Services\rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bell\Internet Service Advisor\SSA.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Bell\Internet Service Advisor\SSAComHandler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Bell\Bell Internet Security Services\Kav\Bin\ScanningProcess.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Leo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\bell\bell internet security services\pkR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - BrowserHelper Class
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - Windows Live Toolbar Helper
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSA.exe] "c:\program files\bell\internet service advisor\SSA.exe" /AUTORUN
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://leogru74.spaces.live.com//PhotoUpload/VistaMsnPUplden-ca.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photolab.ca/Upload/ImageUploader4.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://leogru74.spaces.live.com/PhotoUpload/VistaMsnPUplden-ca.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.city.north-bay.on.ca/scripts/AxisCamControl.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\bell\bell internet security services\safeconnect\driver\platform_vista\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\bell\bell internet security services\safeconnect\driver\platform_vista\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\bell\bell internet security services\safeconnect\driver\platform_vista\SafeConnectShim.sys [2008-11-14 29248]

=============== Created Last 30 ================

2010-03-28 19:35:36 0 d-----w- c:\users\leo\appdata\roaming\Malwarebytes
2010-03-28 19:12:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 19:12:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 19:12:04 0 d-----w- c:\programdata\Malwarebytes
2010-03-28 19:12:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 08:02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 08:01:52 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 08:01:51 30720 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-03-29 00:06:00 104740640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-28 20:11:31 1400576 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-14 08:30:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-14 08:30:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-14 08:30:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-14 08:30:56 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-14 08:30:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-14 08:30:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-13 15:57:10 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-28 00:31:44 1051 ----a-w- c:\program files\INSTALL.LOG
2008-09-30 01:45:02 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-23 04:07:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-13 03:22:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081220090813\index.dat

============= FINISH: 21:03:21.66 ===============



#6
March 28, 2010 at 18:06:18
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2007 12:44:10 PM
System Uptime: 28/03/2010 4:12:00 PM (5 hours ago)

Motherboard: Quanta | | 30BB
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 30.753 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.764 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.{593BEB3C-B791-4F84-8038-FD3E8CE4C302}
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Software Update
ASL_HS_Installer32
Bell Internet Security Services
Bell Internet Service Advisor 2.1.7
Conexant HD Audio
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Easy Setup - Core
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
Internet Check-Up
iTunes
Java(TM) SE Runtime Environment 6
LightScribe 1.4.124.1
LimeWire PRO 5.4.6
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network Magic
PartyPoker
PerfectDisk 2008
Personal Vault Manager
Pure Networks Platform
QuickTax 2008
QuickTime
Registry Mechanic 9.0
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS PerfectDiskStub
RPS PopupBlocker
RPS RpsCore
RPS SafeConnect
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar

==== End Of File ===========================


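As an added example (not from the thread or from the DDS tool), a Python triage pass over a DDS.txt in the format posted in #5: it splits the log into its "===" sections, lists running processes outside the Windows and Program Files trees, flags Pseudo HJT entries that DDS marks "- No File", and flags Run entries whose executable lives in a user-writable directory. The excerpt it parses is constructed: a few lines from the posted log plus one made-up Temp autorun so the last check has something to find.

```python
"""Triage checks over a DDS.txt log (format as posted in this thread).

Added example, not from the thread or the DDS tool. SAMPLE_DDS is a constructed
excerpt: a few lines from the posted log plus one made-up Temp autorun.
"""
import re

# Constructed excerpt in DDS format; "updater.exe" under Temp is invented for the demo.
SAMPLE_DDS = r"""DDS (Ver_10-03-17.01) - NTFSx86
Run by Leo at 20:58:46.33 on 28/03/2010

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Bell\Bell Internet Security Services\Kav\Bin\ScanningProcess.exe
C:\Users\Leo\Desktop\dds.scr
C:\Users\Leo\AppData\Local\Temp\updater.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: 1 (0x1) - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Updater] c:\users\leo\appdata\local\temp\updater.exe

============= SERVICES / DRIVERS ===============

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# First Windows path in a line, with surrounding quotes and any arguments dropped.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]*?\.(?:exe|scr|com|dll|sys))"?', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?:")
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\")  # user-writable locations


def split_sections(text):
    """Map each '=== Name ===' DDS section to its non-blank lines (prelude under 'header')."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def exe_path(line):
    """Lower-cased executable path from a process or autorun line, or None."""
    m = PATH_RE.search(line)
    return m.group(1).lower() if m else None


def untrusted_processes(sections):
    """Running processes outside the Windows and Program Files trees.

    A reading aid, not a kill list: DDS itself runs from the user's Desktop.
    """
    paths = (exe_path(l) for l in sections.get("Running Processes", []))
    return [p for p in paths if p and not p.startswith(TRUSTED_DIRS)]


def orphaned_entries(sections):
    """Hooks, BHOs and toolbars whose file is gone; DDS prints these as '- No File'."""
    return [l for l in sections.get("Pseudo HJT Report", []) if l.endswith("- No File")]


def autoruns_from_user_dirs(sections):
    """uRun/mRun/RunOnce entries whose executable lives in a user-writable directory."""
    hits = []
    for line in sections.get("Pseudo HJT Report", []):
        if AUTORUN_RE.match(line):
            p = exe_path(line)
            if p and any(s in p for s in SUSPECT_DIRS):
                hits.append(p)
    return hits


def triage(text):
    """Run all three checks and return their findings keyed by check name."""
    s = split_sections(text)
    return {
        "untrusted_processes": untrusted_processes(s),
        "orphaned_entries": orphaned_entries(s),
        "user_dir_autoruns": autoruns_from_user_dirs(s),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_DDS).items():
        print(f"{check}: {len(findings)}")
        for item in findings:
            print("   ", item)
```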

#7
March 29, 2010 at 19:31:21
Go to Start > Control Panel > click the Java icon > Update tab > Update Now and allow Java to update. If you are prompted for any add-ons, uncheck the box and continue. The newest Java is version 6 update 18.

You should uninstall these programs at least until we get the computer cleaned as they are known to harbor spyware:


LimeWire
Party Poker


Please download Combofix with internet explorer instead of any other browser if possible.

Remember: your Bell Internet Security System (you should be able to turn off antivirus, antispyware, firewall and active shield from its console), Windows Defender, and SuperAntispyware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
March 31, 2010 at 17:57:48
ComboFix 10-03-29.04 - Leo 31/03/2010 20:07:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.267 [GMT -4:00]
Running from: c:\users\Leo\Desktop\Combo-Fix.exe
AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: Bell Internet Security Services Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3058437834-886413127-830029895-500
c:\program files\alot
c:\program files\alot\bin\ALOTSettings.exe
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-04-01 00:30 . 2010-04-01 00:30 -------- d-----w- c:\users\Josie\AppData\Local\temp
2010-04-01 00:30 . 2010-04-01 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-31 22:39 . 2010-03-31 22:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 19:35 . 2010-03-28 19:35 -------- d-----w- c:\users\Leo\AppData\Roaming\Malwarebytes
2010-03-28 19:12 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\programdata\Malwarebytes
2010-03-28 19:12 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 20:39 . 2010-03-13 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-10 08:02 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 08:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 08:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 00:35 . 2009-08-13 07:13 107236896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-01 00:32 . 2009-01-20 01:19 -------- d-----w- c:\users\Leo\AppData\Roaming\Skype
2010-03-31 23:49 . 2009-02-03 23:38 -------- d-----w- c:\users\Leo\AppData\Roaming\skypePM
2010-03-31 23:30 . 2009-08-13 07:13 1437152 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-31 23:29 . 2006-12-12 15:43 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-31 22:45 . 2008-06-02 17:09 -------- d-----w- c:\program files\LimeWire
2010-03-31 22:42 . 2006-12-12 17:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 22:37 . 2006-12-12 17:03 -------- d-----w- c:\program files\Java
2010-03-10 08:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 08:12 . 2006-12-12 16:28 -------- d-----w- c:\programdata\Microsoft Help
2010-02-25 00:56 . 2007-02-03 03:00 95216 ----a-w- c:\users\Josie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-10-03 00:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:11 . 2007-02-02 14:06 95216 ----a-w- c:\users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-14 08:31 . 2010-02-14 08:31 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-14 08:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-14 08:30 . 2010-02-14 08:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-14 08:30 . 2010-02-14 08:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-25 12:00 . 2010-02-24 04:24 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 04:23 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 04:23 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 04:24 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 04:23 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 04:23 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 04:23 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 04:23 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 04:23 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 04:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 04:23 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 04:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 04:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 04:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 04:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 13:30 . 2010-02-24 04:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-22 12:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2009-07-02 19:32 503808 ----a-w- c:\program files\Personal Vault\VaultClientMenu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SSA.exe"="c:\program files\Bell\Internet Service Advisor\SSA.exe" [2009-06-29 3245296]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-12-07 1471488]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,9f,0b,6d,cc,ac,ca,01

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate1ca938ecee78940;Google Update Service (gupdate1ca938ecee78940);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 133104]
R3 Radialpoint Security Services;Bell Internet Security Services;c:\program files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2009-08-25 175184]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
S2 RadialpointSafeConnectAgent;Bell Internet Security Services SafeConnectAgent;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S2 VaultClientSRV;Personal Vault Backup Service;c:\program files\Personal Vault\VaultClientSRV.exe [2009-07-02 1047632]
S2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2009-07-02 56400]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 13:54]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 13:54]

2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{2B77F038-9123-46BD-8917-0F165DE39F39}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{D276A273-9BD3-46EC-BADC-4889A666CA6C}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 20:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-31 20:44:31
ComboFix-quarantined-files.txt 2010-04-01 00:44

Pre-Run: 33,464,651,776 bytes free
Post-Run: 36,933,734,400 bytes free

- - End Of File - - B3E875067DDFDD725EA45B641399A69D


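The part of a ComboFix log a helper reads first is the "Reg Loading Points" block (Run values and the R/S service lines), looking for images that no longer exist at the logged path (ComboFix prints `[x]` for those, as with SASKUTIL.sys above) or that run from a throwaway location. The following Python parser is an added example for this thread; it is not ComboFix's own code and does not reproduce what the tool does internally, it only reads log text in the shape posted above. The sample lines are a constructed input: most are copied from the log above, while the "updater" value is invented to show what a location flag looks like and was not in the posted log.

```python
"""Triage the autostart section of a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input in the log's own format. Most lines are taken
# from the log posted in this thread; the "updater" value is invented to
# show what a location flag looks like and was NOT in the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"updater"="c:\users\Leo\AppData\Local\temp\updater.exe" [2010-03-30 45056]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
S2 VaultClientSRV;Personal Vault Backup Service;c:\program files\Personal Vault\VaultClientSRV.exe [2009-07-02 1047632]
"""

# A registry key header, a Run value, and a service line, respectively.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Folders that should not normally host a persistent autostart image.
REVIEW_LOCATIONS = ('\\temp\\', '\\$recycle.bin\\', '\\users\\public\\')


@dataclass
class Entry:
    kind: str                  # "run" (registry Run value) or "service"
    name: str
    path: str
    key: str = ""              # registry key for Run values; R1/S2 state for services
    file_missing: bool = False  # ComboFix printed [x] instead of a date and size
    flags: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[Entry]:
    """Extract Run values and service lines from ComboFix-style log text."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m.group('name'), m.group('path'),
                                 current_key, m.group('meta').strip() == 'x'))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry('service', m.group('name').strip(), m.group('path').strip(),
                                 m.group('state'), m.group('meta').strip() == 'x'))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review notes to entries worth a second look; returns only those."""
    flagged: List[Entry] = []
    for e in entries:
        low = e.path.lower()
        if e.file_missing:
            e.flags.append('image not found at logged path ([x]); '
                           'confirm the owning product is still installed')
        for frag in REVIEW_LOCATIONS:
            if frag in low:
                where = frag.strip('\\')
                e.flags.append('image runs from a "%s" folder, unusual for an autostart' % where)
                break
        if e.flags:
            flagged.append(e)
    return flagged


def report(text: str) -> str:
    """Human-readable summary: counts first, then one block per flagged entry."""
    entries = parse_autostarts(text)
    flagged = triage(entries)
    lines = ['%d autostart entries parsed, %d need review' % (len(entries), len(flagged))]
    for e in flagged:
        lines.append('%-8s %-16s %s' % (e.kind, e.name, e.path))
        for note in e.flags:
            lines.append('         - ' + note)
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

To use it on a real log, paste the whole Combo-Fix.txt into `report()`; lines that are not Run values, key headers or service lines (the file lists, the Find3M report, the scheduled tasks) are simply skipped. The flags are review hints, not verdicts: a `[x]` often just means a product was removed without its service entry, which is exactly why the helper asks how the machine is behaving before anything further is deleted.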

#9
March 31, 2010 at 18:04:01
Also when I turned on my active shield it warned me about a possible threat - c:\COMBO-FIX\REGT.CFXXE. I quarantined the file for now.


#10
March 31, 2010 at 19:03:12
Some antivirus programs report that file; it is a false positive. Your log appears to be clean. How is the computer operating?

A little clean-up to do.

Delete DDS from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.



#11
April 1, 2010 at 08:39:16
Igretta,


It sounds like there may already be system damage. That being said, if you have a Windows XP CD, put it in the CD-ROM drive. It will AutoPlay the menu; close it out. Go to Start/Run and type "sfc /scannow". Windows will run a system file check to verify the integrity of your installation files; this process can take a very long time depending on the speed of your CD-ROM, processor and RAM.

Also, Avast offers a boot-time scan which will run before the computer boots into Windows. You will be greeted by the typical pre-Windows drive check screen, but Avast will begin scanning once the computer is restarted. Just make sure you update the software before restarting by clicking the lightning bolt. The software will attempt to connect to update servers and begin downloading the software.

Also, something not mentioned was the fact that MalwareBytes can be installed in safe mode. Just be sure to enable "Safe Mode with Networking".

Let me know how you make out

Custom USB Drives



#12
April 1, 2010 at 16:22:41
When you say "system" damage do you mean software damage or hardware damage? I will try what you said but if those do not work what are the options?


#13
April 2, 2010 at 09:36:04
jabuck,

Sorry, I missed your reply and assumed your reply was response #11 from madhattertov.

Here is what has happened since running combofix:

Immediately after, the computer seemed to be running much quicker, but after a shutdown and restart it became slower than it has ever been, and because I missed your response I started trying some things on my own. Because the computer was running much worse than before, I decided to run a system restore to the point prior to running ComboFix. Then this morning I decided to check this site to see if I had any more responses, and I noticed that I had missed your reply, so this is what I have done:

Re-updated Java
Uninstalled Party Poker and LimeWire again
Downloaded ComboFix again
Re-ran ComboFix again

As of right now the computer is running well, but I don't know if it will return to its old ways. I will attach the new log.txt below. I will now follow the instructions that you gave me for after the completion of ComboFix, and I will let you know the results.

ComboFix 10-04-01.02 - Leo 02/04/2010 11:49:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.210 [GMT -4:00]
Running from: c:\users\Leo\Desktop\Combo-Fix.exe
AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: Bell Internet Security Services Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3058437834-886413127-830029895-500
c:\program files\alot
c:\program files\alot\bin\ALOTSettings.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 16:12 . 2010-04-02 16:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-02 16:12 . 2010-04-02 16:12 -------- d-----w- c:\users\Josie\AppData\Local\temp
2010-04-02 16:12 . 2010-04-02 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-02 15:39 . 2010-04-02 15:45 -------- d-----w- C:\32788R22FWJFW
2010-04-02 15:27 . 2010-04-02 15:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 00:44 . 2010-04-01 00:44 -------- d-----w- c:\users\Josie\AppData\Local\Temp(31)
2010-04-01 00:03 . 2010-04-01 00:55 -------- d-----w- C:\Combo-Fix
2010-03-28 19:35 . 2010-03-28 19:35 -------- d-----w- c:\users\Leo\AppData\Roaming\Malwarebytes
2010-03-28 19:12 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\programdata\Malwarebytes
2010-03-28 19:12 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 20:39 . 2010-03-13 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-10 08:02 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 08:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 08:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 16:14 . 2009-01-20 01:19 -------- d-----w- c:\users\Leo\AppData\Roaming\Skype
2010-04-02 15:32 . 2008-06-02 17:09 -------- d-----w- c:\program files\LimeWire
2010-04-02 13:47 . 2009-02-03 23:38 -------- d-----w- c:\users\Leo\AppData\Roaming\skypePM
2010-04-02 13:40 . 2007-02-13 01:40 1356 ----a-w- c:\users\Leo\AppData\Local\d3d9caps.dat
2010-04-02 07:21 . 2009-08-13 07:13 1404752 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-02 07:21 . 2009-08-13 07:13 105348128 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-02 07:20 . 2006-12-12 15:43 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-31 22:42 . 2006-12-12 17:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 22:37 . 2006-12-12 17:03 -------- d-----w- c:\program files\Java
2010-03-10 08:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 08:12 . 2006-12-12 16:28 -------- d-----w- c:\programdata\Microsoft Help
2010-02-25 00:56 . 2007-02-03 03:00 95216 ----a-w- c:\users\Josie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-10-03 00:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:11 . 2007-02-02 14:06 95216 ----a-w- c:\users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-02 04:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-02 04:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-02 04:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-02 04:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-21 15:56 . 2010-02-21 15:56 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF7E7.tmp.exe
2010-02-14 08:31 . 2010-02-14 08:31 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-14 08:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-14 08:30 . 2010-02-14 08:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-14 08:30 . 2010-02-14 08:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-13 16:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-29 20:44 . 2010-01-29 20:44 146432 ----a-w- c:\users\Leo\AppData\Roaming\Bell\Internet Service Advisor\downloads\2010-Bell-UsageAlertCampaign_02.18467.zip.dir\all\tools\UsageAlertUpdater.exe
2010-01-25 12:00 . 2010-02-24 04:24 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 04:23 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 04:23 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 04:24 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 04:23 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 04:23 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 04:23 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 04:23 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 04:23 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 04:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 04:23 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 04:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 04:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 04:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 04:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 13:30 . 2010-02-24 04:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2009-07-02 19:32 503808 ----a-w- c:\program files\Personal Vault\VaultClientMenu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SSA.exe"="c:\program files\Bell\Internet Service Advisor\SSA.exe" [2009-06-29 3245296]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-12-07 1471488]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,9f,0b,6d,cc,ac,ca,01

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate1ca938ecee78940;Google Update Service (gupdate1ca938ecee78940);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 133104]
R3 Radialpoint Security Services;Bell Internet Security Services;c:\program files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2009-08-25 175184]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
S2 RadialpointSafeConnectAgent;Bell Internet Security Services SafeConnectAgent;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S2 VaultClientSRV;Personal Vault Backup Service;c:\program files\Personal Vault\VaultClientSRV.exe [2009-07-02 1047632]
S2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2009-07-02 56400]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 13:54]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 13:54]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{2B77F038-9123-46BD-8917-0F165DE39F39}.job
- c:\windows\system32\msfeedssync.exe [2010-04-02 04:54]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{D276A273-9BD3-46EC-BADC-4889A666CA6C}.job
- c:\windows\system32\msfeedssync.exe [2010-04-02 04:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 12:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-02 12:21:42
ComboFix-quarantined-files.txt 2010-04-02 16:21
ComboFix2.txt 2010-04-01 00:44

Pre-Run: 35,865,862,144 bytes free
Post-Run: 35,850,088,448 bytes free

- - End Of File - - 0DB23D2FA9D3C0174E5A198E26EC70D6



#14
April 2, 2010 at 10:50:06
lgrutta,

Sorry for being unclear. When I say system damage I am referring to the Windows XP software installation itself. There are certain infections which will turn your hard drive the wrong direction, but these cases are few and far between. In most cases the system needs to be backed up, re-formatted and then reloaded. And just a heads up, if you find yourself doing something like this, you can find a program called "DriverMax" on the internet that will allow you to easily back up all of your video, audio, chip-set and whatever else may be on the computer at the time. Assuming you don't have OEM installation CDs, this is definitely the way to go.

Best of luck

Custom USB Drives



#15
April 2, 2010 at 13:01:45
jabuck,

I was following your instructions, and when I got to the end my system will not let me create a restore point. I keep getting the following error:

The restore point could not be created for the following reason:

The shadowcopy provider had an unexpected error while trying to process the specified operation. (0x8004230F)

Please try again.

I have tried quite a few times and keep getting the same error. Any thoughts?



#16
April 2, 2010 at 19:25:33
Go to Start > Control Panel > Administrative Tools > Services and see if these two programs are set to manual or automatic.


System Restore Service
Volume Shadow Copy


If System Restore Service is stopped or set to manual, set it to automatic. To set it to automatic, double click "System Restore Service" and, if it is stopped, click Start > then on the far right of "Startup type" click the blue drop-down arrow and select Automatic > Apply > OK.

Restart the computer.

Next try to create a restore point, if still unable to create a restore point go back to services and do the same for "Volume Shadow Copy" as you did to system restore service.

Restart the computer.

Try again to create a restore point.



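The same check described in post #16, written as an added PowerShell script that is not part of the thread: it reads the startup type and state of the two services the post names, sets them to Automatic and starts them if needed, then retries the restore-point creation that failed with 0x8004230F. It assumes Windows PowerShell 2.0 or later in an elevated (Administrator) console; the display names are taken from the post, and a name that does not resolve on a given Windows version is reported rather than replaced by a guess.

```powershell
# Added example, not from the original thread. Assumes Windows PowerShell 2.0+
# running as Administrator. Display names are the ones post #16 lists.
$displayNames = @('System Restore Service', 'Volume Shadow Copy')

foreach ($name in $displayNames) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service names differ between Windows versions; report instead of guessing.
        Write-Host "Not found on this system: $name"
        continue
    }

    # Get-Service does not expose the startup type on PS 2.0, so read it via WMI.
    # Win32_Service.StartMode is one of Boot, System, Auto, Manual, Disabled.
    $wmi = Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'"
    Write-Host ("{0}: state={1} startup={2}" -f $name, $svc.Status, $wmi.StartMode)

    if ($wmi.StartMode -ne 'Auto') {
        Set-Service -Name $svc.Name -StartupType Automatic
        Write-Host "  startup type set to Automatic"
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $svc.Name
        Write-Host "  service started"
    }
}

# The post restarts the computer between steps; this script does not reboot.
# Retry the step that failed in post #15: creating a restore point.
try {
    Checkpoint-Computer -Description 'Manual test point' `
                        -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
    Write-Host 'Restore point created.'
} catch {
    # A failure here (for example 0x8004230F again) means the shadow copy
    # provider is still not healthy and the services alone were not the cause.
    Write-Host "Restore point still failed: $($_.Exception.Message)"
}
```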
