08-05-2008, 05:57 AM   #5
Spalmhead
Registered User
 
Join Date: Jan 2007
Posts: 18
OS: Windows XP


Re: system slowdown, can't search the net, toolbar freezes?

Hey Angelfire, sorry about the delay, but I had some problems getting bleepingcomputer.com to load up. Here are the logs:

ComboFix

ComboFix 08-08-03.01 - Administrator 2008-08-05 12:43:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.231 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\Administrator\Desktop\Antivirus 2009.lnk
C:\Documents and Settings\Administrator\Start Menu\Antivirus 2009
C:\Documents and Settings\Administrator\Start Menu\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\Administrator\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-03 13:02 . 2008-08-03 13:02 <DIR> d-------- C:\Program Files\AV9
2008-08-01 23:18 . 2008-08-01 23:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 00:30 . 2008-07-31 00:30 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-07-29 15:19 . 2008-07-29 15:19 <DIR> d-------- C:\Deckard
2008-07-28 21:25 . 2008-07-28 21:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-28 20:15 . 2008-07-28 20:15 <DIR> d-------- C:\Program Files\Panda Security
2008-07-28 20:15 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-27 01:57 . 2008-07-27 01:57 <DIR> d-------- C:\Program Files\PartyPoker
2008-07-24 22:44 . 2008-07-24 22:45 <DIR> d-------- C:\Program Files\Celeb Poker
2008-07-24 10:39 . 2008-07-24 11:12 <DIR> d-------- C:\Program Files\free-downloads.net
2008-07-24 10:39 . 2008-07-24 10:39 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-23 19:34 . 2008-07-23 19:42 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-23 19:33 . 2008-07-27 02:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-23 19:30 . 2008-07-23 19:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-07-23 19:30 . 2008-07-23 19:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 18:03 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-23 18:03 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-07-23 18:03 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-07-23 18:03 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-07-23 18:03 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-07-23 18:03 . 2007-08-10 12:56 119,808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-23 03:35 . 2008-07-23 03:35 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-07-21 00:36 . 2008-07-21 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 02:40 . 2008-07-17 02:40 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-17 02:37 . 2008-07-17 02:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-17 02:37 . 2008-07-17 02:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-13 13:41 . 2008-07-13 13:43 <DIR> d-------- C:\Program Files\Winamp
2008-07-13 13:41 . 2008-07-31 01:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-07-13 13:09 . 2008-07-13 13:09 59 --a------ C:\WINDOWS\WININIT.INI
2008-07-11 03:16 . 2008-07-11 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-11 02:39 . 2008-07-13 13:25 <DIR> d-------- C:\Remote Programs
2008-07-11 02:39 . 2008-07-11 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metaboli Player
2008-07-11 02:39 . 2004-02-04 10:01 2,238 --------- C:\WINDOWS\metaboli.ico
2008-07-11 02:39 . 2008-07-11 15:51 68 --a------ C:\WINDOWS\GPlrLanc.dat
2008-07-11 02:38 . 2008-07-13 20:44 <DIR> d-------- C:\Program Files\Metaboli Player
2008-07-11 02:38 . 2008-05-15 14:12 53,314 --------- C:\WINDOWS\ExentInfo.exe
2008-07-11 01:51 . 2008-07-11 01:51 <DIR> d-------- C:\Program Files\Oberon Media
2008-07-11 01:51 . 2008-07-23 18:08 <DIR> d-------- C:\Program Files\FREE Games Extras
2008-07-11 01:51 . 2008-07-11 01:51 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-11 01:51 . 2008-07-20 01:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 01:51 . 2008-07-11 01:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Oberon Media
2008-07-08 01:16 . 2008-07-08 01:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-08 01:16 . 2008-07-08 01:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-08 01:02 . 2008-07-08 01:02 <DIR> d-------- C:\WINDOWS\Sun
2008-07-07 19:42 . 2008-07-07 19:42 <DIR> d-------- C:\Program Files\LEGO Games
2008-07-07 16:55 . 2008-07-07 16:55 <DIR> d-------- C:\Program Files\Stickies
2008-07-07 16:55 . 2008-08-05 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\stickies
2008-07-07 01:48 . 2007-06-22 18:02 107,520 --a------ C:\WINDOWS\system32\UnCasino5.exe
2008-07-07 01:36 . 2007-08-01 11:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe
2008-07-07 00:57 . 2008-07-07 18:19 <DIR> d-------- C:\Program Files\Poker.com
2008-07-06 23:01 . 2008-07-29 22:38 <DIR> d-------- C:\Program Files\PokerStars
2008-07-06 22:33 . 2008-07-28 23:19 <DIR> d-------- C:\Program Files\CarbonPoker
2008-07-06 21:45 . 2008-07-31 00:16 <DIR> d-------- C:\Program Files\Littlewoods Poker
2008-07-06 20:30 . 2008-07-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-07-06 19:46 . 2008-07-06 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-07-06 18:12 . 2008-07-07 13:10 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-05 23:59 . 2008-07-05 23:59 59 --a------ C:\WINDOWS\pp.enc
2008-07-05 23:39 . 2008-07-10 23:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microgaming
2008-07-05 23:38 . 2008-07-05 23:38 <DIR> d-------- C:\Microgaming
2008-07-05 23:08 . 2008-07-13 20:29 <DIR> d-------- C:\Poker
2008-07-05 21:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-05 21:13 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-05 19:10 . 2008-07-05 19:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-05 18:54 . 2008-07-05 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-07-05 18:42 . 2008-07-05 18:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-07-05 18:42 . 2008-07-05 18:42 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-05 18:40 . 2008-07-05 18:41 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-07-05 18:38 . 2008-07-05 18:38 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2008-07-05 18:34 . 2008-07-05 18:34 <DIR> d-------- C:\Program Files\Real
2008-07-05 18:34 . 2008-07-05 18:51 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-05 18:34 . 2008-07-05 18:34 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-07-05 18:32 . 2008-07-06 00:17 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-07-05 18:32 . 2008-07-05 18:32 <DIR> d-------- C:\Program Files\7-Zip
2008-07-05 18:31 . 2008-07-05 18:52 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-05 17:37 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-05 17:37 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-05 17:36 . 2008-07-24 21:03 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 16:17 . 2008-07-05 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-05 16:10 . 2008-07-05 16:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-05 16:09 . 2008-07-05 18:54 <DIR> d-------- C:\Program Files\NOS
2008-07-05 16:09 . 2008-07-05 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-05 14:14 . 2008-07-05 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 14:14 . 2008-07-05 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TigerPlayer
2008-07-05 14:13 . 2008-07-05 14:14 <DIR> d-------- C:\Program Files\MpcStar
2008-07-05 10:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-05 10:34 . 2008-07-09 12:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-05 10:32 . 2008-07-14 16:09 <DIR> d-------- C:\Program Files\Google
2008-07-05 10:31 . 2008-07-05 20:17 <DIR> d-------- C:\Program Files\BitComet
2008-07-05 10:31 . 2008-07-28 16:14 <DIR> d-------- C:\Downloads
2008-07-05 10:31 . 2008-07-05 10:31 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-07-05 09:55 . 2008-07-31 00:16 <DIR> d-------- C:\Program Files\Absolute Poker
2008-07-05 09:55 . 2008-07-05 09:55 <DIR> d-------- C:\Program Files\_uninstallation_info
2008-07-05 09:54 . 2008-07-05 09:54 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-07-05 09:50 . 2008-07-05 09:50 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:45 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-26 20:16 --------- d-----w C:\Program Files\Sports Interactive
2008-07-26 14:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-07-23 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 16:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sports Interactive
2008-07-06 20:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 08:38 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-07-04 15:57 --------- d-----w C:\Program Files\Virgin Broadband
2008-07-04 15:31 --------- d-----w C:\Program Files\Raxco
2008-07-04 15:31 --------- d-----w C:\Program Files\Common Files\Authentium
2008-07-04 15:31 --------- d-----w C:\Program Files\CA
2008-07-04 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-04 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-07-04 15:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Virgin Broadband
2008-07-04 15:24 --------- d-----w C:\Program Files\Virgin Media Broadband
2008-07-04 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-04 15:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-03 22:04 --------- d-----w C:\Program Files\Virgin Broadband Wireless
2008-07-01 17:44 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-01 15:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-01 15:28 --------- d-----w C:\Program Files\Java
2008-07-01 15:28 --------- d-----w C:\Program Files\Common Files\Java
2008-07-01 15:24 --------- d-----w C:\Program Files\Analog Devices
2008-07-01 15:12 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-06-03 04:42 2596152]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-05 11:22 171448]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"93751330765667180758236897386253"="C:\Program Files\AV9\av2009.exe" [2008-08-03 13:02 973312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-07-05 14:14 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 22:33 36352]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=buknzu.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CarbonPoker\\client.exe"=
"C:\\Program Files\\Poker.com\\client.exe"=
"C:\\Program Files\\Littlewoods Poker\\UA.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8419:TCP"= 8419:TCP:BitComet 8419 TCP
"8419:UDP"= 8419:UDP:BitComet 8419 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 X4HSX32Ex;X4HSX32Ex;C:\Program Files\Metaboli Player\X4HSX32Ex.Sys [2007-11-14 11:30]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AFGSp50.sys []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 04:21]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\rpc.job
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zddz7n59.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bbc.co.uk/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 12:44:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 12:45:51
ComboFix-quarantined-files.txt 2008-08-05 11:45:48
ComboFix2.txt 2008-08-03 23:02:35

Pre-Run: 39,816,863,744 bytes free
Post-Run: 39,796,056,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

222 --- E O F --- 2008-07-22 02:02:00

New HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:18, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AV9\av2009.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [93751330765667180758236897386253] C:\Program Files\AV9\av2009.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Administrator\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O9 - Extra button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - http://static.photobox.co.uk/sg/comm...eUploader4.cab
O20 - AppInit_DLLs: buknzu.dll
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8355 bytes