total pc defender virus...cpu slowing down

Emachines El1210-11 desktop pc
May 22, 2010 at 04:27:11
Specs: Windows XP
I had the Total PC Defender 2010 virus. I ran Malwarebytes and thought I had removed it. It remained on the other two profiles used on this cpu, though. Subsequently, the cpu is slow now: IE is impossible to use on one profile and slow when using the other profile. I used ATF Cleaner and CCleaner (that's how I saw the virus was still on the other profiles). I no longer see the virus, but the cpu is still slowing down. On my profile, my background pic flashes and then disappears. Or it flashes at three times its normal size and disappears, so I'm figuring something is still up with the cpu or something new is wrong. Any help would be greatly appreciated.



#1
May 22, 2010 at 08:55:31
In addition, my son's profile is the one that can't connect to the internet. I tried to reinstall IE and did extract the files, but even after that, it won't connect to the internet. Mozilla won't either. The other two profiles will. Again, the cpu is just slowing down, and I know that my desktop picture now shows up at three times its normal size, then it disappears until I log off, then it appears again. Any help would be greatly appreciated. I thought I had rid the cpu of this thing. So, please, again, any assistance is greatly appreciated.


#2
May 22, 2010 at 08:56:32
Please install HijackThis and post the log back here.

http://download.cnet.com/Trend-Micr...

After you post the HJT log, please download and install SuperAntiSpyware

http://www.majorgeeks.com/SUPERAnti...

and post that log back here as well. Please follow the directions at this link

http://forums.majorgeeks.com/showth...

for installing and running SAS. They will show you the correct way to get the log as well.
Please DO NOT do any other scans or self-help fixes, as it will only slow the process of getting clean. Thank you.


#3
May 22, 2010 at 09:03:37
Please post the HijackThis log before moving on to SAS.

Thank You
websfty001


#4
May 22, 2010 at 13:31:30
Thank You. Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:30 PM, on 5/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1007\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Darian')
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Darian')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: ZyXEL G-220 v2 Wireless Adapter Utility.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10828 bytes


#5
May 22, 2010 at 17:01:38
OK, you do have some malware. If you're not already doing it, you can download and install SuperAntiSpyware

http://www.majorgeeks.com/SUPERAnti...

and post that log back here as well. Please follow the directions at this link

http://forums.majorgeeks.com/showth...

for installing and running SAS. They will show you the correct way to get the log as well.
Please DO NOT do any other scans or self-help fixes, as it will only slow the process of getting clean. Thank you.


#6
May 22, 2010 at 17:05:43
just ask if you have any trouble :)


#7
May 22, 2010 at 17:27:09
I noticed that you have Spybot S&D. You must disable the TeaTimer or the scans I have you do might not work correctly. Do as follows:

To disable Spybot's TeaTimer:
Run Spybot and click Mode in the top menu.
Select Advanced Mode.
Then expand the Tools selection in the left pane by clicking on it.
Now in the left pane, click Resident.
Now in the right window pane, uncheck TeaTimer.
Keep the Resident "SDHelper" option checked.
Also, while this is open, in the left column now select IE Tweaks. Then in the right pane make sure all the Miscellaneous locks are unchecked.
Now quit Spybot and REBOOT your PC.


#8
May 22, 2010 at 17:47:56
Specifically look in Add/Remove Programs for the below programs and uninstall them if found:
MyWay or MyWay Search Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Viewpoint Toolbar (Remove Only)

Empty ALL Quarantine type folders for antivirus and antispyware applications.
This step of house cleaning may save a load of time later (reduced scanning time) and can significantly reduce the size of logs being posted later. Here is just one example for doing this with Norton/Symantec:

http://service1.symantec.com/SUPPOR...

You also need to disable your Norton Firewall and empty the Norton Recycle Bin. Here are the instructions for that:
http://service1.symantec.com/SUPPOR...


#9
May 23, 2010 at 05:03:04
Good Morning,

The SuperAntiSpyware yielded the following:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2010 at 01:43 AM

Application Version : 4.37.1000

Core Rules Database Version : 4971
Trace Rules Database Version: 2783

Scan type : Complete Scan
Total Scan Time : 00:28:42

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 5427
Registry threats detected : 0
File items scanned : 19520
File threats detected : 0


#10
May 23, 2010 at 05:04:24
I also followed your guidelines that you listed as well.


#11
May 23, 2010 at 06:39:03
You seem to have a bad proxy setting that I resolved in another forum.

http://thewinforums.com/topic/60919...

Post # 5

good luck


#12
May 23, 2010 at 11:49:56
Re-run HijackThis and check off these boxes to fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

After you do this, please go to the below link and follow all instructions:
http://websafety001.webs.com/apps/f...

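The "ProxyServer = http=127.0.0.1:5555" entry flagged in the two posts above lives under HKCU, so each Windows profile on the machine keeps its own copy; that is why cleaning it from one profile leaves the others (here, the son's) unable to browse, and why HijackThis, which reads R1 entries from the hive of the user who ran it, showed only one. The script below is an added example written for this thread, not code from the thread or from any of the tools named in it. It walks every user hive currently loaded under HKEY_USERS, reports the Internet Settings proxy values, flags any proxy that points back at the local machine, and with -Remove clears it. It assumes PowerShell 2.0 or later, run from an administrator prompt on the affected PC; the script name Find-LoopbackProxy.ps1 in the usage note is a placeholder.

```powershell
# Added example (not from the thread): audit per-user IE proxy settings for a
# loopback proxy such as the "ProxyServer = http=127.0.0.1:5555" line in the log.
# Rogue AV sets this under HKCU, so every Windows profile carries its own copy;
# fixing it in one profile leaves the others broken.
# Assumes PowerShell 2.0+ run as an administrator so all loaded user hives
# under HKEY_USERS are readable.

param([switch]$Remove)   # -Remove clears a loopback proxy instead of only reporting it

# Expose HKEY_USERS as a drive; it is not mapped by default.
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue

# Loaded hives: S-1-5-21-... (real users), S-1-5-18 (SYSTEM), .DEFAULT. Skip the *_Classes subhives.
$hives = Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' }

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # Matches "127.0.0.1:5555", "http=127.0.0.1:5555", "localhost:8080",
    # and per-protocol lists such as "http=127.0.0.1:5555;https=127.0.0.1:5555".
    return $ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)'
}

foreach ($hive in $hives) {
    $sid  = $hive.PSChildName
    $path = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    if (-not (Test-Path $path)) { continue }

    $settings = Get-ItemProperty -Path $path
    $server   = $settings.ProxyServer    # the value HijackThis shows as an R1 line
    $enabled  = $settings.ProxyEnable    # 1 = IE/WinINet honour ProxyServer
    $pac      = $settings.AutoConfigURL  # a PAC URL can redirect traffic just as silently

    Write-Host ("{0,-46} ProxyEnable={1} ProxyServer={2} AutoConfigURL={3}" -f $sid, $enabled, $server, $pac)

    if ($server -and (Test-LoopbackProxy $server)) {
        Write-Warning "$sid : proxy points at the local machine; on a home PC nothing legitimate is listening there"
        if ($Remove) {
            Remove-ItemProperty -Path $path -Name ProxyServer -ErrorAction SilentlyContinue
            Set-ItemProperty    -Path $path -Name ProxyEnable -Value 0 -Type DWord
            Write-Host "$sid : ProxyServer cleared and ProxyEnable set to 0"
        }
    }
}
```

Run it once without switches to see every loaded profile's proxy values side by side, then with `-Remove` to clear the loopback entries. Only hives of users who are currently logged on (including sessions parked by Fast User Switching) appear under HKEY_USERS; to check a profile that is not logged on, load its hive first with `reg load HKU\TempHive "C:\Documents and Settings\<user>\NTUSER.DAT"`, rerun the script, and release it with `reg unload HKU\TempHive`. A loopback proxy with nothing listening on that port is exactly the "can't connect in IE or Firefox, but other profiles work" symptom described in the thread, since both browsers can be set to use the system proxy.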

#13
May 23, 2010 at 13:11:02
Thanks for all the help. It's working better now. I still can't connect to the internet through IE or Mozilla on my son's profile, but logged in as me, I seem to be fine.


#14
May 23, 2010 at 13:40:57
The malware is not gone. In order for you to do away with this problem entirely, you will need to complete the process; otherwise you will continue to have problems.


#15
May 23, 2010 at 18:43:50
Oh no, that's what I'm saying, I did. I re-ran HijackThis and checked the boxes you listed. I then followed the instructions using the link. I wasn't saying I was content; I was just letting you know that at least this profile was running better. But I was letting you know the other profile was still not working right. And even though this profile is running better, it still hangs, if that makes sense. I was just looking for what I should do next. But yes, I did follow your last guidelines as well.


#16
May 23, 2010 at 21:10:39
OK, sorry, I misunderstood you.

Please download the following 3 tools. DO NOT INSTALL THEM YET.
1.) Malwarebytes from the below link
http://www.majorgeeks.com/Malwareby...
Important: Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
2.) ComboFix from here; the download link is about halfway down the page. Use the BleepingComputer mirror.
http://www.bleepingcomputer.com/com...
3.) RootRepeal from here
http://sites.google.com/site/rootre...


#17
May 23, 2010 at 21:26:33
Last download before running scans

MGTools

You're running Spybot S&D, and I noticed you have Norton as well. Go ahead and download MGtools from the below link. When it comes time to install it (that will be the last thing we do anyway), you may need to follow the below directions.

Recent bugs in many antivirus programs are detecting this as malware. Disable your AV (antivirus) while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect. We prefer that you download this file to the root folder of the drive where you have installed Windows (typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). If you use Firefox and still have it set to defaults, it will not let you choose where to download files to. To change Firefox, run Firefox and click Tools, Options, and on the Main tab select "Always ask me where to save files". You can download and run it from your Desktop as long as your Desktop folder is located on the same drive that you boot Windows from.

http://forums.majorgeeks.com/showth...


#18
May 23, 2010 at 22:05:13
When you have completed the above, follow the below link.


#19
May 24, 2010 at 16:41:13
Thanks. Malwarebytes log is as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4140

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/24/2010 7:39:26 PM
mbam-log-2010-05-24 (19-39-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 200550
Time elapsed: 52 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#20
May 24, 2010 at 16:56:44
ComboFix yielded the following:

ComboFix 10-05-24.03 - Sean 05/24/2010 19:44:19.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.264 [GMT -4:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-24 22:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 22:08 . 2010-05-24 22:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 22:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 21:59 . 2010-05-24 21:59 2391871 ----a-w- C:\MGtools.exe
2010-05-23 19:41 . 2010-05-23 19:41 63488 ----a-w- c:\documents and settings\Darian\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-23 19:41 . 2010-05-23 19:41 52224 ----a-w- c:\documents and settings\Darian\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-23 19:41 . 2010-05-23 19:41 117760 ----a-w- c:\documents and settings\Darian\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-23 19:40 . 2010-05-23 19:40 -------- d-----w- c:\documents and settings\Darian\Application Data\SUPERAntiSpyware.com
2010-05-23 04:13 . 2010-05-23 04:13 63488 ----a-w- c:\documents and settings\Sean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-23 04:07 . 2010-05-23 04:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-22 20:21 . 2010-05-22 20:21 -------- d-----w- c:\program files\Trend Micro
2010-05-22 16:02 . 2010-05-22 16:02 503808 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47737837-n\msvcp71.dll
2010-05-22 16:02 . 2010-05-22 16:02 499712 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47737837-n\jmc.dll
2010-05-22 16:02 . 2010-05-22 16:02 12800 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-57d6061e-n\decora-d3d.dll
2010-05-22 16:02 . 2010-05-22 16:02 61440 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-57d6061e-n\decora-sse.dll
2010-05-22 16:02 . 2010-05-22 16:02 348160 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47737837-n\msvcr71.dll
2010-05-22 15:31 . 2010-05-22 15:33 -------- dc-h--w- c:\windows\ie8
2010-05-05 04:07 . 2010-05-05 04:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-05-03 16:42 . 2010-05-03 16:54 -------- d-----w- C:\Combo-Fix31304C
2010-05-01 22:55 . 2010-05-01 23:04 -------- d-----w- C:\Combo-Fix21855C
2010-05-01 19:37 . 2010-05-06 14:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 19:33 . 2010-05-01 19:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-01 17:55 . 2010-05-01 18:03 -------- d-----w- C:\Combo-Fix
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\Darian\Application Data\Malwarebytes
2010-05-01 16:16 . 2010-05-01 16:16 -------- d-----w- c:\documents and settings\Tif\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 22:05 . 2009-09-15 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-23 04:12 . 2010-04-01 11:31 117760 ----a-w- c:\documents and settings\Sean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-23 04:09 . 2010-04-01 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-13 02:46 . 2009-03-13 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 17:36 . 2009-09-15 08:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-01 22:38 . 2009-03-13 15:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-05-01 16:38 . 2009-03-13 15:59 -------- d-----w- c:\program files\WalMart
2010-04-08 16:19 . 2010-04-08 16:19 503808 ----a-w- c:\documents and settings\Tif\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e50c06-n\msvcp71.dll
2010-04-08 16:19 . 2010-04-08 16:19 499712 ----a-w- c:\documents and settings\Tif\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e50c06-n\jmc.dll
2010-04-08 16:19 . 2010-04-08 16:19 348160 ----a-w- c:\documents and settings\Tif\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e50c06-n\msvcr71.dll
2010-04-08 16:19 . 2010-04-08 16:19 61440 ----a-w- c:\documents and settings\Tif\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31f07ab9-n\decora-sse.dll
2010-04-08 16:19 . 2010-04-08 16:19 12800 ----a-w- c:\documents and settings\Tif\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31f07ab9-n\decora-d3d.dll
2010-04-06 03:30 . 2010-04-06 03:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 03:29 . 2010-04-06 03:29 503808 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-261806e4-n\msvcp71.dll
2010-04-06 03:29 . 2010-04-06 03:29 499712 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-261806e4-n\jmc.dll
2010-04-06 03:29 . 2010-04-06 03:29 348160 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-261806e4-n\msvcr71.dll
2010-04-06 03:29 . 2010-04-06 03:29 61440 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4828ffe2-n\decora-sse.dll
2010-04-06 03:29 . 2010-04-06 03:29 12800 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4828ffe2-n\decora-d3d.dll
2010-04-06 03:29 . 2009-10-25 03:24 -------- d-----w- c:\program files\Java
2010-04-03 01:11 . 2010-04-03 01:11 2386 ----a-w- c:\documents and settings\Sean\GetPaths.vbs
2010-04-01 18:39 . 2010-04-01 18:39 -------- d-----w- c:\documents and settings\Sean\Application Data\U3
2010-04-01 11:31 . 2010-04-01 11:31 52224 ----a-w- c:\documents and settings\Sean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-01 11:31 . 2010-04-01 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-01 11:30 . 2010-04-01 11:30 -------- d-----w- c:\documents and settings\Sean\Application Data\SUPERAntiSpyware.com
2010-04-01 10:06 . 2010-04-01 10:06 -------- d-----w- c:\program files\CCleaner
2010-04-01 04:05 . 2010-04-01 04:05 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2010-04-01 03:56 . 2010-04-01 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-10 06:15 . 2009-03-13 15:16 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2009-10-25 03:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2009-03-13 15:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-03-13 15:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-08 15:28 . 2009-07-30 21:33 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-05-01_11.25.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-23 13:57 . 2010-05-23 13:57 16384 c:\windows\temp\Perflib_Perfdata_260.dat
+ 2010-05-23 13:57 . 2010-05-23 13:57 16384 c:\windows\temp\Perflib_Perfdata_248.dat
+ 2009-03-13 15:15 . 2010-05-23 19:02 67984 c:\windows\system32\perfc009.dat
- 2009-03-13 15:15 . 2010-05-01 11:00 67984 c:\windows\system32\perfc009.dat
+ 2009-05-26 20:47 . 2010-05-13 05:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-26 20:47 . 2010-04-28 11:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-26 20:47 . 2010-04-28 11:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-26 20:47 . 2010-05-13 05:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-23 04:09 . 2010-05-23 04:09 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-05-23 04:09 . 2010-05-23 04:09 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-13 15:42 . 2010-05-13 02:46 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-13 15:42 . 2010-04-14 07:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-13 15:42 . 2010-05-13 02:46 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-13 15:42 . 2010-04-14 07:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-13 15:42 . 2010-05-13 02:46 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-13 15:42 . 2010-04-14 07:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-05-23 11:56 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll
+ 2010-05-23 11:56 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll
+ 2010-05-23 11:56 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nwiz"="nwiz.exe" [2008-02-25 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-08 30192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZyXEL G-220 v2 Wireless Adapter Utility.lnk - c:\program files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe [2009-5-26 10891264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ZyXEL\\ZyXEL G-220 v2 Wireless Adapter Utility\\ZyXEL G-220 v2.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [1/28/2010 12:37 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [1/28/2010 12:37 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [1/28/2010 12:37 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100518.002\IDSXpx86.sys [5/24/2010 2:03 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [5/26/2009 4:55 PM 24576]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [1/28/2010 12:37 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/6/2009 7:34 PM 102448]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.SYS [5/26/2009 5:42 PM 402944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 9:29 PM 135664]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:29]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:29]

2010-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\caqswf4u.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRxdm011YYUS&fl=0&ptb=QBMZvWRENaYTEhqPI4uDcA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=41107&searchfor=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-24 19:52:39
ComboFix-quarantined-files.txt 2010-05-24 23:52
ComboFix2.txt 2010-05-21 03:23
ComboFix3.txt 2010-05-21 01:37
ComboFix4.txt 2010-05-03 16:54
ComboFix5.txt 2010-05-24 23:43

Pre-Run: 128,042,921,984 bytes free
Post-Run: 128,004,509,696 bytes free


#21
May 24, 2010 at 17:30:47
Rootrepeal yielded:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/24 20:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!


#22
May 24, 2010 at 17:41:25
I'm unable to attach the mgtool zip folder.

#23
May 25, 2010 at 08:56:41
Please do a new HJT log.

#24
May 25, 2010 at 16:08:41
OK, HijackThis yielded the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:38 PM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Tif')
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tif')
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1006\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/b/boarder_xl/agame_com/boarder_xl_agame_com.html" (User 'Tif')
O4 - HKUS\S-1-5-21-2161807218-163748893-4247568029-1007\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Darian')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: ZyXEL G-220 v2 Wireless Adapter Utility.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10776 bytes



#25
May 25, 2010 at 16:52:43
Did you get the message I sent you via in-house email?
