Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Slow computer, some sites not loading - VirtuMonde? Slow computer, some sites not loading - VirtuMonde?
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 07-12-2008, 07:00 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 2
OS: Windows XP w/ SP3


I just freshly installed Windows XP and then installed SP3 right away yesterday. I went browsing and then installed a few programs and then the computer started to slow down and then some sites stopped to load.

I ran my old virus scanner, Sophos and it found a few trojans. The only one I can remember is VirtuMonde. I tried to clean it with Sophos, but that didn't work, so I uninstalled Sophos and got NOD32. That didn't work either, so I finally found this site for help.

This is what I did:
1) Scanned with Panda Active Scan -- log will be pasted below.
2) Scanned with DSS -- main log will be posted, extra log will be attached.
3) Ran ComboFix.exe -- yes, I know I shouldn't have, but in an attempt to expedite the process since I'm unable to browse a majority of websites, I ran it. NOD32 virus scanner was disabled during this step.
4) Scanned with DSS again after ComboFix -- main log will be posted, the extra log never popped up!

1. ActiveScan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-12 18:37:42
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET Smart Security 3.0 3.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\user\Local Settings\Temp\nsj8.tmp
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\user\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\user\Local Settings\Temp\nsa2B.tmp
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\user\Local Settings\Temp\nsc250C.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@burstnet[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[server.iad.liveperson.net/hc/23030613]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@advertising[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@realmedia[1].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\r8gihiw0.default\cookies.txt[.uol.com.br/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@adrevolver[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@atwola[2].txt
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\user\Desktop\VirtumundoBeGone.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location A
;===================================================================================================================================================================================
No C:\WINDOWS\system32\yayyWnLc.dll A
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description A
;===================================================================================================================================================================================
;===================================================================================================================================================================================


2. DSS before ComboFix.

Deckard's System Scanner v20071014.68
Run by user on 2008-07-12 18:39:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
19: 2008-07-13 01:39:55 UTC - RP19 - Deckard's System Scanner Restore Point
18: 2008-07-13 00:09:41 UTC - RP18 - Cleaned registry with Windows Live OneCare safety scanner
17: 2008-07-12 22:41:08 UTC - RP17 - Installed ESET Smart Security
16: 2008-07-12 22:38:53 UTC - RP16 - Removed Sophos AutoUpdate
15: 2008-07-12 22:38:04 UTC - RP15 - Removed Sophos Anti-Virus


-- First Restore Point --
1: 2008-07-12 20:31:30 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:04 PM, on 7/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4AEBC290-E4DC-415F-83F6-B5AC8948729a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7A6CD8B2-6388-441C-A321-DB365B2285AE} - C:\WINDOWS\system32\pmnlmMFW.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {CC0C754A-008E-445A-8B11-8250F5138E47} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [549f72e0] rundll32.exe "C:\WINDOWS\system32\xracwlwu.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BM57ac417c] Rundll32.exe "C:\WINDOWS\system32\xplypvjo.dll",s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215838815279
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215853544903
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EBBB7AB-4337-4338-864F-A27BF5A3F598}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EBBB7AB-4337-4338-864F-A27BF5A3F598}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 6473 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 18:41:01 0 d-------- C:\Program Files\Trend Micro
2008-07-12 18:31:39 0 d-------- C:\Program Files\Winamp
2008-07-12 17:24:30 0 d-------- C:\Program Files\Panda Security
2008-07-12 15:43:17 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-12 15:42:35 0 d-------- C:\Documents and Settings\user\Application Data\ESET
2008-07-12 15:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-12 15:38:08 0 d-------- C:\WINDOWS\LastGood
2008-07-12 15:27:08 78848 --a------ C:\WINDOWS\system32\xracwlwu.dll
2008-07-12 15:27:00 91648 --a------ C:\WINDOWS\system32\xplypvjo.dll
2008-07-12 15:26:19 4642 --ahs---- C:\WINDOWS\system32\WFMmlnmp.ini2
2008-07-12 15:26:11 319488 --a------ C:\WINDOWS\system32\pmnlmMFW.dll
2008-07-12 15:25:29 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-12 15:21:56 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-12 15:20:24 0 d-------- C:\WINDOWS\CSC
2008-07-12 14:17:11 0 d-------- C:\SAV32CLI
2008-07-12 13:40:15 0 d-------- C:\Program Files\Nero
2008-07-12 13:40:15 0 d-------- C:\Program Files\Common Files\Nero
2008-07-12 13:40:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-12 13:39:10 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-12 13:37:49 78848 --a------ C:\WINDOWS\system32\twhwqaly.dll
2008-07-12 13:35:30 91648 --a------ C:\WINDOWS\system32\atpteqfp.dll
2008-07-12 13:31:20 2304 --ahs---- C:\WINDOWS\system32\LkQBIkkj.ini2
2008-07-12 13:30:50 0 d-------- C:\Program Files\AIM6_Cloned
2008-07-12 13:25:32 26112 --a------ C:\WINDOWS\system32\yayyWnLc.dll
2008-07-12 09:57:59 0 d-------- C:\Documents and Settings\user\Application Data\vlc
2008-07-12 09:56:27 0 d-------- C:\Program Files\VideoLAN
2008-07-12 02:22:10 722 --a------ C:\WINDOWS\mozver.dat
2008-07-12 02:05:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 02:05:01 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-12 02:04:59 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-12 01:54:48 0 d-------- C:\Program Files\Microsoft Works
2008-07-12 01:51:34 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-12 01:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-12 01:50:52 0 dr-h----- C:\MSOCache
2008-07-12 01:13:37 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 01:12:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-12 01:08:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-12 01:08:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-12 01:01:08 0 d--h----- C:\WINDOWS\PIF
2008-07-12 01:00:52 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR
2008-07-11 23:55:48 0 d-------- C:\Program Files\uTorrent
2008-07-11 23:55:46 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-07-11 23:16:58 0 d-------- C:\Documents and Settings\user\Application Data\Macromedia
2008-07-11 23:16:58 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-07-11 22:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-11 22:46:42 1233920 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2008-07-11 22:40:44 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-07-11 22:40:04 0 d-------- C:\Program Files\Sophos
2008-07-11 22:39:11 0 d-------- C:\Program Files\Google
2008-07-11 22:38:02 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-11 22:37:28 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-11 22:37:01 0 d-------- C:\WINDOWS\Prefetch
2008-07-11 22:29:26 0 d-------- C:\WINDOWS\system32\scripting
2008-07-11 22:29:26 0 d-------- C:\WINDOWS\provisioning
2008-07-11 22:29:25 0 d-------- C:\WINDOWS\l2schemas
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\system32\en
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\system32\bits
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\peernet
2008-07-11 22:27:58 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-11 22:26:57 0 d-------- C:\WINDOWS\network diagnostic
2008-07-11 22:26:23 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-11 22:25:40 0 d-------- C:\WINDOWS\EHome
2008-07-11 22:03:51 0 d-------- C:\Documents and Settings\user\Application Data\acccore
2008-07-11 22:03:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-11 22:03:26 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-11 22:03:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-11 22:03:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-11 22:03:14 0 d-------- C:\Program Files\Common Files\AOL
2008-07-11 22:03:06 0 d-------- C:\Program Files\AIM6
2008-07-11 22:01:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-11 22:01:56 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-07-11 22:00:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-11 22:00:13 0 d---s---- C:\Documents and Settings\user\UserData
2008-07-11 21:58:41 0 d-------- C:\WINDOWS\nview
2008-07-11 21:50:13 1732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-07-11 21:49:26 0 d-------- C:\Documents and Settings\user\Application Data\InstallShield
2008-07-11 21:48:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-11 21:46:46 0 d-------- C:\Program Files\IDT
2008-07-11 21:46:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:46:10 0 d-------- C:\WINDOWS\system32\Tools
2008-07-11 21:46:04 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-11 21:45:22 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-11 21:42:45 0 d--hs---- C:\WINDOWS\Installer
2008-07-11 21:42:43 0 d-------- C:\Documents and Settings\user\Application Data\Identities
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\Templates
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\Start Menu
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\SendTo
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\Recent
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\PrintHood
2008-07-11 21:42:29 1310720 --ah----- C:\Documents and Settings\user\NTUSER.DAT
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\NetHood
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\My Documents
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\Local Settings
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\Favorites
2008-07-11 21:42:29 0 d-------- C:\Documents and Settings\user\Desktop
2008-07-11 21:42:29 0 d---s---- C:\Documents and Settings\user\Cookies
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\Application Data
2008-07-11 21:41:57 0 d--hs---- C:\System Volume Information
2008-07-11 21:41:56 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-11 21:41:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-11 21:41:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-11 21:41:56 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-11 21:41:56 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-11 21:41:56 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-11 21:39:52 0 d-------- C:\WINDOWS\system32\xircom
2008-07-11 21:39:52 0 d-------- C:\Program Files\microsoft frontpage
2008-07-11 21:39:46 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-11 21:38:34 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-11 21:38:09 0 -rahs---- C:\MSDOS.SYS
2008-07-11 21:38:09 0 -rahs---- C:\IO.SYS
2008-07-11 21:38:09 0 --a------ C:\CONFIG.SYS
2008-07-11 21:38:09 0 --a------ C:\AUTOEXEC.BAT
2008-07-11 21:37:40 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-11 21:37:35 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-11 21:37:34 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-11 21:37:18 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-11 21:36:23 0 d-------- C:\WINDOWS\Registration
2008-07-11 21:31:32 0 d---s---- C:\WINDOWS\Tasks
2008-07-11 21:31:29 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-11 21:31:25 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-11 21:31:25 0 d-------- C:\WINDOWS\srchasst
2008-07-11 21:31:23 0 d-------- C:\Program Files\Movie Maker
2008-07-11 21:31:20 0 d-------- C:\WINDOWS\PCHealth
2008-07-11 21:31:19 0 d-------- C:\WINDOWS\system32\Restore
2008-07-11 21:31:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-11 21:30:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-11 21:30:55 0 d-------- C:\Program Files\Online Services
2008-07-11 21:30:53 0 d-------- C:\Program Files\Messenger
2008-07-11 21:30:48 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-11 21:30:17 0 d-------- C:\Program Files\Windows NT
2008-07-11 21:30:15 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-11 21:30:14 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-11 21:30:14 0 d-------- C:\WINDOWS\system32\Com
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-11 14:35:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-11 14:35:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-11 14:35:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-11 14:34:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-11 14:34:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-11 14:34:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-11 14:34:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-07-12 15:38:33 0 d-------- C:\Program Files\Common Files
2008-07-11 14:35:14 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AEBC290-E4DC-415F-83F6-B5AC8948729a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6CD8B2-6388-441C-A321-DB365B2285AE}]
07/12/2008 03:26 PM 319488 --a------ C:\WINDOWS\system32\pmnlmMFW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC0C754A-008E-445A-8B11-8250F5138E47}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [11/09/2007 03:22 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/04/2007 01:14 AM]
"nwiz"="nwiz.exe" [10/04/2007 01:14 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/04/2007 01:14 AM]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [06/12/2008 02:25 AM]
"@"="" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [06/11/2008 10:43 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"549f72e0"="C:\WINDOWS\system32\xracwlwu.dll" [07/12/2008 03:27 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"BM57ac417c"="C:\WINDOWS\system32\xplypvjo.dll" [07/12/2008 03:27 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 10:51 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlmMFW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - EAMON
*Newly Created Service* - EASDRV
*Newly Created Service* - EKRN
*Newly Created Service* - EPFW
*Newly Created Service* - EPFWTDI
*Newly Created Service* - OSE



-- End of Deckard's System Scanner: finished at 2008-07-12 18:42:41 ------------

3. ComboFix log
ComboFix 08-07-07.3 - user 2008-07-12 18:44:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1282 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM57ac417c.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atpteqfp.dll
C:\WINDOWS\system32\LkQBIkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnlmMFW.dll
C:\WINDOWS\system32\twhwqaly.dll
C:\WINDOWS\system32\uwlwcarx.ini
C:\WINDOWS\system32\WFMmlnmp.ini
C:\WINDOWS\system32\WFMmlnmp.ini2
C:\WINDOWS\system32\xplypvjo.dll
C:\WINDOWS\system32\xracwlwu.dll
C:\WINDOWS\system32\yayyWnLc.dll
C:\WINDOWS\system32\ylaqwhwt.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 18:41 . 2008-07-12 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 18:39 . 2008-07-12 18:39 <DIR> d-------- C:\Deckard
2008-07-12 18:31 . 2008-07-12 18:32 <DIR> d-------- C:\Program Files\Winamp
2008-07-12 18:31 . 2008-07-12 18:45 1,065 --a------ C:\WINDOWS\winamp.ini
2008-07-12 17:26 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-12 17:24 . 2008-07-12 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-07-12 15:43 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-12 15:42 . 2008-07-12 15:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\ESET
2008-07-12 15:41 . 2008-07-12 15:41 <DIR> d-------- C:\Program Files\ESET
2008-07-12 15:41 . 2008-07-12 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-12 15:38 . 2008-07-12 18:31 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-12 15:25 . 2008-07-12 15:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-12 14:17 . 2008-07-12 14:17 <DIR> d-------- C:\SAV32CLI
2008-07-12 13:43 . 2008-07-12 13:45 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-12 13:40 . 2008-07-12 13:40 <DIR> d-------- C:\Program Files\Nero
2008-07-12 13:40 . 2008-07-12 13:40 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-12 13:40 . 2008-07-12 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-12 13:35 . 2008-07-12 18:01 110,437 --a------ C:\WINDOWS\BM57ac417c.xml
2008-07-12 13:30 . 2008-07-12 13:31 <DIR> d-------- C:\Program Files\AIM6_Cloned
2008-07-12 09:57 . 2008-07-12 09:57 <DIR> d-------- C:\Documents and Settings\user\Application Data\vlc
2008-07-12 09:56 . 2008-07-12 09:56 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-12 02:22 . 2008-07-12 02:22 722 --a------ C:\WINDOWS\mozver.dat
2008-07-12 02:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-12 02:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-12 02:04 . 2008-07-12 02:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-12 01:55 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-12 01:54 . 2008-07-12 01:54 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-12 01:51 . 2008-07-12 11:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-12 01:51 . 2008-07-12 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-12 01:50 . 2008-07-12 01:50 <DIR> dr-h----- C:\MSOCache
2008-07-12 01:13 . 2008-07-12 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 01:12 . 2008-07-12 01:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-12 01:11 . 2008-04-07 05:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-07-12 01:11 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-07-12 01:08 . 2008-07-12 01:12 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-12 01:01 . 2008-07-12 01:01 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-11 23:55 . 2008-07-11 23:55 <DIR> d-------- C:\Program Files\uTorrent
2008-07-11 23:55 . 2008-07-12 13:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-07-11 22:48 . 2008-07-11 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-11 22:46 . 2008-07-11 22:46 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-07-11 22:40 . 2008-07-11 22:40 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-07-11 22:39 . 2008-07-11 22:39 <DIR> d-------- C:\Program Files\Google
2008-07-11 22:37 . 2008-07-12 13:39 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-11 22:27 . 2008-07-11 22:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-11 22:27 . 2008-04-14 05:41 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-07-11 22:25 . 2008-07-11 22:25 <DIR> d-------- C:\WINDOWS\EHome
2008-07-11 22:07 . 2008-07-11 22:07 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-11 22:03 . 2008-07-11 22:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-11 22:03 . 2008-07-11 22:03 <DIR> d-------- C:\Program Files\AIM6
2008-07-11 22:03 . 2008-07-11 22:03 <DIR> d-------- C:\Documents and Settings\user\Application Data\acccore
2008-07-11 22:03 . 2008-07-12 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-11 22:03 . 2008-07-11 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-11 22:03 . 2008-07-11 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-11 22:03 . 2008-07-12 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-11 22:03 . 2008-07-11 22:03 452 --ah----- C:\IPH.PH
2008-07-11 22:01 . 2008-07-11 22:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-11 22:00 . 2008-07-11 22:00 <DIR> d---s---- C:\Documents and Settings\user\UserData
2008-07-11 14:35 . 2008-07-11 21:36 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-07-11 14:34 . 2008-07-11 22:37 <DIR> d--h----- C:\Documents and Settings\Default User
2008-07-11 14:34 . 2008-07-11 21:37 <DIR> d-------- C:\Documents and Settings\All Users
2008-07-11 14:34 . 2003-07-16 09:33 1,086,182 -ra------ C:\WINDOWS\SET16.tmp
2008-07-11 14:34 . 2003-07-16 09:24 13,608 -ra------ C:\WINDOWS\SET22.tmp
2008-07-11 14:34 . 2003-07-16 09:48 7,046 -ra------ C:\WINDOWS\SET34.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 04:49 --------- d-----w C:\Documents and Settings\user\Application Data\InstallShield
2008-07-12 04:47 --------- d-----w C:\Program Files\IDT
2008-07-12 04:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 04:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-12 04:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 12:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 12:41 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 12:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 12:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 12:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 12:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 10:51 50528]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-04 01:14 8491008]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-04 01:14 81920]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"nwiz"="nwiz.exe" [2007-10-04 01:14 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

*Newly Created Service* - PAVBOOT
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-549f72e0 - C:\WINDOWS\system32\xracwlwu.dll
HKLM-Run-BM57ac417c - C:\WINDOWS\system32\xplypvjo.dll
ShellExecuteHooks-{788629AF-89BB-40CC-825C-44170578E2CC} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:47:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-12 18:48:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 01:48:37

Pre-Run: 180,286,017,536 bytes free
Post-Run: 180,247,187,456 bytes free

165


4. DSS log after ComboFix
Deckard's System Scanner v20071014.68
Run by user on 2008-07-12 18:57:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:48 PM, on 7/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215838815279
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215853544903
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EBBB7AB-4337-4338-864F-A27BF5A3F598}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EBBB7AB-4337-4338-864F-A27BF5A3F598}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 6273 bytes

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 18:50:56 0 d-------- C:\WINDOWS\LastGood
2008-07-12 18:43:37 68096 --a------ C:\WINDOWS\zip.exe
2008-07-12 18:43:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-12 18:43:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-12 18:43:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-12 18:43:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-12 18:43:37 98816 --a------ C:\WINDOWS\sed.exe
2008-07-12 18:43:37 80412 --a------ C:\WINDOWS\grep.exe
2008-07-12 18:43:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-12 18:41:01 0 d-------- C:\Program Files\Trend Micro
2008-07-12 18:31:39 0 d-------- C:\Program Files\Winamp
2008-07-12 17:24:30 0 d-------- C:\Program Files\Panda Security
2008-07-12 15:43:17 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-12 15:42:35 0 d-------- C:\Documents and Settings\user\Application Data\ESET
2008-07-12 15:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-12 15:25:29 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-12 15:21:56 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-12 15:20:24 0 d-------- C:\WINDOWS\CSC
2008-07-12 14:17:11 0 d-------- C:\SAV32CLI
2008-07-12 13:40:15 0 d-------- C:\Program Files\Nero
2008-07-12 13:40:15 0 d-------- C:\Program Files\Common Files\Nero
2008-07-12 13:40:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-12 13:39:10 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-12 13:30:50 0 d-------- C:\Program Files\AIM6_Cloned
2008-07-12 09:57:59 0 d-------- C:\Documents and Settings\user\Application Data\vlc
2008-07-12 09:56:27 0 d-------- C:\Program Files\VideoLAN
2008-07-12 02:22:10 722 --a------ C:\WINDOWS\mozver.dat
2008-07-12 02:05:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 02:05:01 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-12 02:04:59 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-12 01:54:48 0 d-------- C:\Program Files\Microsoft Works
2008-07-12 01:51:34 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-12 01:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-12 01:50:52 0 dr-h----- C:\MSOCache
2008-07-12 01:13:37 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 01:12:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-12 01:08:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-12 01:08:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-12 01:01:08 0 d--h----- C:\WINDOWS\PIF
2008-07-12 01:00:52 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR
2008-07-11 23:55:48 0 d-------- C:\Program Files\uTorrent
2008-07-11 23:55:46 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-07-11 23:16:58 0 d-------- C:\Documents and Settings\user\Application Data\Macromedia
2008-07-11 23:16:58 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-07-11 22:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-11 22:46:42 1233920 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2008-07-11 22:40:44 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-07-11 22:39:11 0 d-------- C:\Program Files\Google
2008-07-11 22:38:02 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-11 22:37:28 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-11 22:37:01 0 d-------- C:\WINDOWS\Prefetch
2008-07-11 22:29:26 0 d-------- C:\WINDOWS\system32\scripting
2008-07-11 22:29:26 0 d-------- C:\WINDOWS\provisioning
2008-07-11 22:29:25 0 d-------- C:\WINDOWS\l2schemas
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\system32\en
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\system32\bits
2008-07-11 22:29:24 0 d-------- C:\WINDOWS\peernet
2008-07-11 22:27:58 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-11 22:26:57 0 d-------- C:\WINDOWS\network diagnostic
2008-07-11 22:26:23 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-11 22:25:40 0 d-------- C:\WINDOWS\EHome
2008-07-11 22:03:51 0 d-------- C:\Documents and Settings\user\Application Data\acccore
2008-07-11 22:03:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-11 22:03:26 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-11 22:03:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-11 22:03:23 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-11 22:03:14 0 d-------- C:\Program Files\Common Files\AOL
2008-07-11 22:03:06 0 d-------- C:\Program Files\AIM6
2008-07-11 22:01:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-11 22:01:56 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-07-11 22:00:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-11 22:00:13 0 d---s---- C:\Documents and Settings\user\UserData
2008-07-11 21:58:41 0 d-------- C:\WINDOWS\nview
2008-07-11 21:50:13 1732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-07-11 21:49:26 0 d-------- C:\Documents and Settings\user\Application Data\InstallShield
2008-07-11 21:48:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-11 21:46:46 0 d-------- C:\Program Files\IDT
2008-07-11 21:46:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:46:10 0 d-------- C:\WINDOWS\system32\Tools
2008-07-11 21:46:04 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-11 21:45:22 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-11 21:42:45 0 d--hs---- C:\WINDOWS\Installer
2008-07-11 21:42:43 0 d-------- C:\Documents and Settings\user\Application Data\Identities
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\Templates
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\Start Menu
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\SendTo
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\Recent
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\PrintHood
2008-07-11 21:42:29 1310720 --ah----- C:\Documents and Settings\user\NTUSER.DAT
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\NetHood
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\My Documents
2008-07-11 21:42:29 0 d--h----- C:\Documents and Settings\user\Local Settings
2008-07-11 21:42:29 0 dr------- C:\Documents and Settings\user\Favorites
2008-07-11 21:42:29 0 d-------- C:\Documents and Settings\user\Desktop
2008-07-11 21:42:29 0 d---s---- C:\Documents and Settings\user\Cookies
2008-07-11 21:42:29 0 dr-h----- C:\Documents and Settings\user\Application Data
2008-07-11 21:41:57 0 d--hs---- C:\System Volume Information
2008-07-11 21:41:56 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-11 21:41:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-11 21:41:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-11 21:41:56 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-11 21:41:56 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-11 21:41:56 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-11 21:41:56 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-11 21:39:52 0 d-------- C:\WINDOWS\system32\xircom
2008-07-11 21:39:52 0 d-------- C:\Program Files\microsoft frontpage
2008-07-11 21:39:46 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-11 21:38:34 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-11 21:38:09 0 -rahs---- C:\MSDOS.SYS
2008-07-11 21:38:09 0 -rahs---- C:\IO.SYS
2008-07-11 21:38:09 0 --a------ C:\CONFIG.SYS
2008-07-11 21:38:09 0 --a------ C:\AUTOEXEC.BAT
2008-07-11 21:37:40 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-11 21:37:35 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-11 21:37:34 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-11 21:37:18 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-11 21:36:23 0 d-------- C:\WINDOWS\Registration
2008-07-11 21:31:32 0 d---s---- C:\WINDOWS\Tasks
2008-07-11 21:31:29 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-11 21:31:25 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-11 21:31:25 0 d-------- C:\WINDOWS\srchasst
2008-07-11 21:31:23 0 d-------- C:\Program Files\Movie Maker
2008-07-11 21:31:20 0 d-------- C:\WINDOWS\PCHealth
2008-07-11 21:31:19 0 d-------- C:\WINDOWS\system32\Restore
2008-07-11 21:31:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-11 21:30:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-11 21:30:55 0 d-------- C:\Program Files\Online Services
2008-07-11 21:30:53 0 d-------- C:\Program Files\Messenger
2008-07-11 21:30:48 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-11 21:30:17 0 d-------- C:\Program Files\Windows NT
2008-07-11 21:30:15 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-11 21:30:14 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-11 21:30:14 0 d-------- C:\WINDOWS\system32\Com
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-11 14:35:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-11 14:35:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-11 14:35:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-11 14:35:14 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-11 14:35:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-11 14:35:14 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-11 14:34:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-11 14:34:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-11 14:34:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-11 14:34:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-07-12 15:38:33 0 d-------- C:\Program Files\Common Files
2008-07-11 14:35:14 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [11/09/2007 03:22 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/04/2007 01:14 AM]
"nwiz"="nwiz.exe" [10/04/2007 01:14 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/04/2007 01:14 AM]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [06/12/2008 02:25 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [06/11/2008 10:43 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 10:51 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - PAVBOOT



-- End of Deckard's System Scanner: finished at 2008-07-12 18:59:04 ------------

The extra log generated by DSS before running ComboFix could not be attached. I have pasted it below.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 1791.17 MiB / 1276.22 MiB
Pagefile Memory (total/avail): 3689.26 MiB / 3327.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 167.95 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3200826A - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NINJA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\NINJA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=NINJA
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM 6 Cloned --> "C:\Program Files\AIM6_Cloned\unins000.exe"
ESET Smart Security --> MsiExec.exe /I{A1350B64-1AF8-497B-AC07-307DF67FB8D4}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
IDT Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -l0x9 -remove -removeonly
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET Smart Security\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1260 / Success
Event Submitted/Written: 07/12/2008 03:38:56 PM
Event ID/Source: 0 / WSH
Event Description:
Sophos AutoUpdate Service stopped OK. (Loop count = 0)

Event Record #/Type1255 / Warning
Event Submitted/Written: 07/12/2008 03:21:56 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type1254 / Warning
Event Submitted/Written: 07/12/2008 03:19:13 PM
Event ID/Source: 32 / Sophos Anti-Virus
Event Description:
Registry valueHKLM\Software\Microsoft\Windows\CurrentVersion\Run\549f72e0Mal/Generic-A-1

Event Record #/Type1253 / Warning
Event Submitted/Written: 07/12/2008 03:19:13 PM
Event ID/Source: 32 / Sophos Anti-Virus
Event Description:
FileC:\WINDOWS\system32\twhwqaly.dllMal/Generic-A-1

Event Record #/Type1252 / Warning
Event Submitted/Written: 07/12/2008 03:19:13 PM
Event ID/Source: 32 / Sophos Anti-Virus
Event Description:
Registry keyHKCR\CLSID\{788629af-89bb-40cc-825c-44170578e2cc}Mal/Generic-A-1



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type330 / Error
Event Submitted/Written: 07/12/2008 03:37:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type303 / Error
Event Submitted/Written: 07/12/2008 03:22:11 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SAVOnAccessControl
SAVOnAccessFilter

Event Record #/Type302 / Error
Event Submitted/Written: 07/12/2008 03:21:56 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type301 / Error
Event Submitted/Written: 07/12/2008 03:21:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type300 / Error
Event Submitted/Written: 07/12/2008 03:20:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-07-12 18:42:41 ------------
Last edited by amateur : 07-13-2008 at 01:25 AM. Reason: to retain 0-reply status
epikclean is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 07-18-2008, 12:38 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 2
OS: Windows XP w/ SP3


Re: Slow computer, some sites not loading - VirtuMonde?
Bump please.
epikclean is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:28 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82