(XP system) Applications constantly report - not responding

JoeBlack999 · 07-29-2008, 07:30 AM

P4 machine
Gigabyte motherboard
1 GB ram
Windows XP home SP2
Audigy soundcard
Nvidia GForce 5600 graphics card.

Got hit with Virtuamonde trojan.

Ran a barrage of scans, with Trojan Hunter, Spybot Search and Destroy, Panda Anti-Virus, Adshampoo Firewall (yes, a mixed bag). Even ran Hitman Pro 2 overnight.

Eventually got system to a usable state, although, not fast, and it ran reasonably well for about a week, then it really slowed up again

Problem is, how to verify if my system is truley clean and to establish what damage to system files etc has to be addressed.

Currently, IE6 and other running programs halt, task manager shows them to be not responding, but given time, they resume, another click on the program window starts this not responding cycle again.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Software\Anti_Virus\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {11298E6D-4A10-43E4-894D-F5D9210D451C} - (no file)
O2 - BHO: (no name) - {155AEF9B-C290-475E-AE88-861AAEBD101A} - (no file)
O2 - BHO: (no name) - {34037DC3-6EF5-4101-BF1E-7D5F2A848F7B} - (no file)
O2 - BHO: (no name) - {3E59FF6A-0DC5-48B1-ACA7-F3BD82BF9BF2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {727FBC49-8F5F-475E-8BE2-058DACC50629} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {D1C18077-2B4B-44DF-ACCB-56C04B5024C2} - (no file)
O2 - BHO: (no name) - {D62A2513-0A8B-44F8-8479-3AFFAFC5FF82} - (no file)
O2 - BHO: (no name) - {F73C97CD-769D-41B6-94FA-1A9966AB4284} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\PCL-3000\Driver\WATCH.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: geBqRjHy - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8290 bytes

JoeBlack999 · 08-19-2008, 06:35 AM

Bump!

**TheBruce1** · 08-19-2008, 07:26 AM

Hello,

If you still require assistance, please do this.

Hijackthis Uninstall List

* Start HijackThis
* Click on the Config button
* Click on the Misc Tools button
* Click on the Open Uninstall Manager button.
* You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply.

========

With Hijackthis still open click on the main menu then click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

Note: Please include the header information when posting the Hijackthis Log.

========
Logs Required
Uninstall List
Hijackthis Log

JoeBlack999 · 08-20-2008, 10:23 AM

Yes, I still need help with my PC, I have done quite a bit of work since I first posted - the main issue now seems to be the dreaded blue screen of death - relating to afd.sys.

Attached HiJackthis log and unistall list as per request.

Acrobat.com
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnyDVD
Apple Mobile Device Support
Apple Software Update
Ashampoo FireWall PRO 1.14
Audible Download Manager
BitComet 1.03
Bonjour
BroadJump Client Foundation
Canon iP4300
Canon iP4300 User Registration
ChapterMaster
CloneCD
CloneDVD2
Cracklock 3.9.44
Creative MediaSource DVD-Audio Player
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
CyberLink PowerDVD8
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp Dalet Codec
dBpoweramp DirectShow Decoder
dBpowerAMP DirectShow Decoder Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
dBpoweramp Windows Media Audio 10 Codec
Diskeeper Professional Edition
Easy-WebPrint
Exact Audio Copy 0.99pb4
GEAR 32bit Driver Installer
GEAR driver installer
GEAR Drivers
GoldWave v5.08
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
ImgBurn
InCD
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 7
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
Magic ISO Maker v5.5 (build 0265)
Magic ISO Maker v5.5 (build 0272)
MAGIX Audio Cleaning Lab 12 8.0.1.0 (US)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Monkey's Audio
Mozilla Firefox (3.0.1)
Mp3tag v2.41
MSXML 4.0 SP2 (KB936181)
Nero 6
Nero Digital
Nero Media Player
Notepad++
PCL -3000 v2.7
PDF Settings
PeerGuardian 2.0
Perfect Uninstaller v5.5
PowerISO
Privoxy 3.0.6
QuickTime
Ruby 0.90.2
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Servant Salamander 2.5 RC1
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.1
TeraCopy 2.0 beta 3
Tor 0.1.2.19
TuneUp Utilities 2008
Unlocker 1.8.7
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Vidalia 0.0.16
VirtualCloneDrive
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver

=========

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22, on 2008-08-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User '?')
O4 - HKUS\S-1-5-21-2052111302-1606980848-839522115-1004\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2052111302-1606980848-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: geBqRjHy - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10959 bytes

**TheBruce1** · 08-20-2008, 11:08 AM

Hello again

lease subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so, just copy/paste the logs into your replies.

=========

You are running two firewalls, namely Kaspersky`s and Ashampoo FireWall PRO 1.14, please remove Ashampoo FireWall PRO 1.14 as having two firewalls will cause problems.

==========

P2P

P2P - I see you have P2P software BitComet 1.03 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.

============

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========
Logs Required
C:\Combofix.txt
Hijackthis Log

JoeBlack999 · 08-20-2008, 12:24 PM

Disabled Ashampoo firewall

Run combofix log below.

Your comments regarding BitComet will be taken on board. Using it may have got my system in trouble in the first place. However, I do need some form of similar program as I have an account with audible.co.uk and moviescormedia, large downloads, paid for and legal, and I like the resume download function that bitcomet offers.

ComboFix 08-08-19.02 - Graham 2008-08-20 18:53:22.2 - NTFSx86

Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-20 17:12 . 2008-08-20 17:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\MSECACHE
2008-08-19 19:35 . 2008-08-19 19:35 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Vidalia
2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\tor
2008-08-18 20:20 . 2008-08-18 20:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-08-17 23:14 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-17 23:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-08-17 23:12 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-08-17 23:11 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-17 23:10 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-17 23:09 . 2008-04-14 01:12 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-08-17 23:08 . 2008-04-13 19:31 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-17 23:07 . 2008-04-14 01:12 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-08-17 23:07 . 2008-04-13 19:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-17 23:07 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-08-17 23:07 . 2008-04-13 19:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-08-17 23:07 . 2001-08-17 13:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-08-17 23:07 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-17 23:07 . 2008-04-13 19:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-08-17 23:07 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-08-17 23:07 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-08-17 23:07 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-08-17 23:07 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-08-17 23:05 . 2008-04-13 19:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-17 23:05 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-17 23:05 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-17 23:05 . 2008-04-14 01:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-17 23:04 . 2008-04-14 01:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-08-17 23:04 . 2008-04-14 01:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-17 23:04 . 2008-04-13 19:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-08-17 23:04 . 2008-04-14 01:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-17 23:04 . 2008-04-14 01:12 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-08-17 23:03 . 2008-04-13 19:40 28,288 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys
2008-08-17 23:03 . 2008-04-14 01:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-17 23:03 . 2008-04-13 19:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-08-17 23:03 . 2008-04-13 19:41 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys
2008-08-17 23:03 . 2008-04-13 19:41 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-17 23:02 . 2008-04-13 19:45 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-08-17 23:01 . 2008-04-13 19:39 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-08-17 23:01 . 2008-04-14 01:12 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-08-17 23:01 . 2008-04-13 19:40 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys
2008-08-17 23:00 . 2008-04-14 01:11 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-08-17 22:59 . 2008-04-14 01:11 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll
2008-08-17 22:59 . 2008-04-13 19:46 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-08-17 22:59 . 2008-04-13 19:36 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-08-17 22:59 . 2008-04-13 19:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys
2008-08-17 22:59 . 2008-04-13 19:40 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-08-17 22:58 . 2008-04-13 19:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-08-17 22:58 . 2008-04-14 01:12 18,432 --a--c--- C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-08-17 22:58 . 2008-04-13 19:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys
2008-08-17 22:58 . 2008-04-13 19:46 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-08-17 22:58 . 2008-04-13 19:46 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2008-08-17 22:56 . 2008-04-13 19:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-08-17 22:56 . 2008-04-13 19:40 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-08-17 22:55 . 2008-04-13 20:24 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-17 21:46 . 2008-08-17 21:56 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ImgBurn
2008-08-17 21:43 . 2008-08-17 22:53 <DIR> dr------- C:\I386
2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- C:\Program Files\ImgBurn
2008-08-17 21:11 . 2008-08-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALM
2008-08-17 19:40 . 2008-08-17 19:40 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286\Application Data\dBpoweramp
2008-08-17 18:09 . 2008-08-17 18:09 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286
2008-08-17 09:25 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin
2008-08-17 09:21 . 2008-08-17 12:30 331,805,736 --a------ C:\XPSP3.exe
2008-08-16 19:55 . 2008-08-16 19:55 <DIR> d-------- C:\Program Files\Warp Engine Software
2008-08-16 18:31 . 2008-08-16 18:31 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 2,873 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2008-08-16 18:30 . 2008-08-16 18:30 2,865 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2008-08-16 18:26 . 2008-08-16 18:26 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-08-16 18:26 . 2008-08-16 18:26 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-08-16 16:18 . 2008-08-16 16:18 <DIR> d-------- C:\Program Files\Cracklock
2008-08-14 20:51 . 2008-08-14 20:51 361,600 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-11 21:25 . 2008-08-11 21:29 106 --a------ C:\WINDOWS\MusicEditor.INI
2008-08-10 21:56 . 2008-08-11 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-10 21:48 . 2008-08-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-08-07 22:11 . 2008-08-17 18:22 <DIR> d-------- C:\Program Files\Save Flash
2008-08-06 19:31 . 2008-08-06 19:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-08-06 19:23 . 2008-08-06 19:25 <DIR> d-------- C:\Program Files\CyberLink
2008-08-05 18:37 . 2008-08-05 18:38 <DIR> d-------- C:\Program Files\Notepad++
2008-08-05 18:37 . 2008-08-05 19:49 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Notepad++
2008-08-05 18:06 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\CyberLink
2008-08-05 17:34 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-08-04 12:20 . 2008-08-04 12:20 <DIR> d-------- C:\Program Files\Bluetack
2008-08-03 18:30 . 2008-08-20 17:35 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ChapterMaster
2008-08-03 17:17 . 2008-08-03 17:17 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\MP3toiPodAudioBookConverter
2008-07-30 23:18 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-30 23:18 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-30 23:18 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-30 23:18 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-30 23:18 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-30 23:18 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-30 23:18 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-30 23:18 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-30 23:18 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-30 22:04 . 2003-03-31 13:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv
2008-07-30 22:03 . 2008-04-14 01:11 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-07-27 22:34 . 2008-08-20 18:52 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-20021102}.CDF
2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-07-27 18:43 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-07-27 18:42 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2008-07-27 18:42 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2008-07-27 18:42 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2008-07-27 18:41 . 2001-08-17 12:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2008-07-27 18:40 . 2001-08-17 22:36 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll
2008-07-27 18:40 . 2001-08-17 13:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys
2008-07-27 18:40 . 2001-08-17 13:52 16,000 --a--c--- C:\WINDOWS\system32\dllcache\ini910u.sys
2008-07-27 18:40 . 2001-08-17 13:47 13,056 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys
2008-07-27 18:36 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-07-27 18:35 . 2001-08-17 14:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys
2008-07-27 18:35 . 2001-08-17 14:05 141,056 --a--c--- C:\WINDOWS\system32\dllcache\icam3.sys
2008-07-27 18:35 . 2001-08-17 14:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-07-27 18:35 . 2001-08-17 22:36 91,136 --a--c--- C:\WINDOWS\system32\dllcache\icam4com.dll
2008-07-27 18:35 . 2001-08-17 22:36 61,952 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll
2008-07-27 18:35 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll
2008-07-27 18:35 . 2001-08-17 14:06 38,528 --a--c--- C:\WINDOWS\system32\dllcache\ibmvcap.sys
2008-07-27 18:35 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\icam3ext.dll
2008-07-27 18:35 . 2001-08-17 22:36 20,480 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-07-27 18:34 . 2004-08-03 22:29 161,020 --a--c--- C:\WINDOWS\system32\dllcache\i81xnt5.sys
2008-07-27 18:34 . 2001-08-17 12:12 109,085 --a--c--- C:\WINDOWS\system32\dllcache\ibmtrp.sys
2008-07-27 18:34 . 2001-08-17 12:12 100,936 --a--c--- C:\WINDOWS\system32\dllcache\ibmtok.sys
2008-07-27 18:34 . 2001-08-17 12:49 58,592 --a--c--- C:\WINDOWS\system32\dllcache\i740nt5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 18:00 289,280 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-20 18:00 20,982,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-20 16:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TeraCopy
2008-08-20 16:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 15:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-20 13:26 --------- d-----w C:\Documents and Settings\Graham\Application Data\uTorrent
2008-08-19 17:55 --------- d-----w C:\Program Files\Perfect Uninstaller
2008-08-17 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-17 16:16 --------- d-----w C:\Program Files\MagicISO
2008-08-16 22:40 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-16 21:47 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-16 17:51 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-16 15:25 --------- d-----w C:\Program Files\Google
2008-08-16 15:23 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-16 07:22 --------- d-----w C:\Documents and Settings\Vassie\Application Data\uTorrent
2008-08-13 20:42 243,064 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-10 18:55 --------- d-----w C:\Program Files\Microsoft Works
2008-08-10 18:54 --------- d-----w C:\Program Files\MSBuild
2008-08-09 17:42 --------- d-----w C:\Program Files\BitComet
2008-08-09 08:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 08:26 --------- d-----w C:\Program Files\iTunes
2008-08-09 08:25 --------- d-----w C:\Program Files\iPod
2008-08-07 21:22 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-07 21:22 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Vassie\Application Data\Desktopicon
2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Graham\Application Data\Desktopicon
2008-07-30 18:06 --------- d-----w C:\Program Files\ImTOO
2008-07-27 18:57 --------- d-----w C:\Program Files\PowerISO
2008-07-27 13:35 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-07-27 11:50 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-07-27 08:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-26 18:28 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-07-26 17:15 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-26 17:15 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-26 17:06 --------- d-----w C:\Program Files\TeraCopy
2008-07-26 08:40 --------- d-----w C:\Documents and Settings\Graham\Application Data\Ahead
2008-07-26 08:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-07-25 22:38 --------- d-----w C:\Documents and Settings\Graham\Application Data\Creative
2008-07-25 18:59 --------- d-----w C:\Program Files\Creative
2008-07-25 18:26 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-07-21 22:11 --------- d-----w C:\Documents and Settings\Graham\Application Data\dBpoweramp
2008-07-19 09:25 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TrojanHunter
2008-07-18 19:00 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-18 19:00 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-17 21:23 --------- d-----w C:\Documents and Settings\Graham\Application Data\Alien Skin
2008-07-17 21:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-07-17 20:42 54,784 ----a-w C:\WINDOWS\system32\MSVCI70.dll
2008-07-16 22:52 --------- d-----w C:\Program Files\Mp3tag
2008-07-16 22:52 --------- d-----w C:\Documents and Settings\Graham\Application Data\Mp3tag
2008-07-16 20:32 --------- d-----w C:\Program Files\Ahead
2008-07-16 20:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Pro
2008-07-16 20:31 --------- d-----w C:\Program Files\USB Disk Security
2008-07-16 20:31 --------- d-----w C:\Program Files\SurfOffline
2008-07-16 20:31 --------- d-----w C:\Program Files\QuickTime
2008-07-16 20:31 --------- d-----w C:\Program Files\Panda Security
2008-07-16 20:31 --------- d-----w C:\Program Files\Kyodai Mahjongg 2006
2008-07-16 20:31 --------- d-----w C:\Program Files\JetAudio
2008-07-16 20:31 --------- d-----w C:\Program Files\FA128
2008-07-16 20:31 --------- d-----w C:\Program Files\DivX
2008-07-16 20:31 --------- d-----w C:\Program Files\DeliPlayer2
2008-07-16 20:31 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-07-16 20:31 --------- d-----w C:\Program Files\Common Files\Real
2008-07-15 20:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-07-15 20:08 --------- d-----w C:\Program Files\Java
2008-07-15 04:52 --------- d-----w C:\Program Files\Microsoft USB Flash Drive Manager
2008-07-15 04:52 --------- d-----w C:\Program Files\Hitman Pro
2008-07-13 21:31 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\Apple Computer
2008-07-13 20:29 --------- d-----w C:\Documents and Settings\Graham\Application Data\Thinstall
2008-07-13 20:19 --------- d-----w C:\Documents and Settings\Graham\Application Data\COWON
2008-07-13 09:49 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TuneUp Software
2008-07-12 23:15 --------- d-----w C:\Documents and Settings\Graham\Application Data\Lavasoft
2008-07-12 08:19 1,107,227 ----a-w C:\WRAR.EXE
2008-07-12 03:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\PC Tools
2008-07-12 03:04 164 ----a-w C:\install.dat
2008-07-11 23:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-07-11 17:35 --------- d-----w C:\Program Files\Ashampoo
2008-07-10 08:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 20:45 --------- d-----w C:\Program Files\GoldWave
2008-07-09 19:48 --------- d-----w C:\Documents and Settings\Graham\Application Data\Systweak
2008-07-09 19:34 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-07-09 19:32 --------- d-----w C:\Program Files\Canon
2008-07-08 21:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
2008-07-08 21:21 --------- d-----w C:\Documents and Settings\Graham\Application Data\Apple Computer
2008-07-08 21:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-07-08 21:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-07-08 20:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AD ON Multimedia
2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AccurateRip
2008-07-07 21:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-07 21:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-07-07 21:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TrojanHunter
2008-07-07 21:04 --------- d-----w C:\Documents and Settings\Graham\Application Data\TuneUp Software
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 20:40 --------- d-----w C:\Program Files\Yahoo!
2008-07-06 13:29 --------- d-----w C:\Documents and Settings\Linda\Application Data\TrojanHunter
2008-07-06 12:03 --------- d-----w C:\Program Files\Servant Salamander 2.5 RC1
2008-07-06 08:51 --------- d-----w C:\Documents and Settings\Vassie\Application Data\TeraCopy
2008-07-04 17:51 --------- d-----w C:\Program Files\CCleaner
2008-07-04 17:41 --------- d-----w C:\Program Files\IrfanView
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 12:10 2120640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 22:49 12889088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"CTDVDDET"="C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-06-27 16:50 91432]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-05-05 13:33 19456 C:\WINDOWS\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

C:\Documents and Settings\Graham\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-08-24 15:16:34 110592]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Graham^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo FireWall PRO]
--a------ 2006-12-21 02:10 3543552 C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11328:TCP"= 11328:TCP:BitComet 11328 TCP
"11328:UDP"= 11328:UDP:BitComet 11328 UDP

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 01:12]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp []
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 20:00]
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-17 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-07-07 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-geBqRjHy - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\mvjrthme.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 19:04:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
.
**************************************************************************
.
Completion time: 2008-08-20 19:16:34 - machine was rebooted [Graham]
ComboFix-quarantined-files.txt 2008-08-20 18:16:03

Pre-Run: 35,904,901,120 bytes free
Post-Run: 35,980,451,840 bytes free

374 --- E O F --- 2008-08-18 16:33:36

**TheBruce1** · 08-20-2008, 02:01 PM

You forgot to post a Hijackthis Log.

JoeBlack999 · 08-20-2008, 02:48 PM

Hijack log per request:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:44, on 20/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Cracklock\Bin\CLMNGR.exe
C:\Program Files\Cracklock\Bin\MCL.EXE
C:\PROGRAM FILES\RIGHTWORD ENTERPRISES\CHAPTERMASTER\CHAPTERMASTER.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9567 bytes

**TheBruce1** · 08-20-2008, 04:00 PM

Hello again Graham

S& D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

=========

Go to Start->Run and type in regedit and hit OK.Go to HKEY_LOCAL_MACHINE and click on it>then right-click on HKEY_LOCAL_MACHINE and select export.
Save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Save the file as "Fix.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the Fix.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

===========

Go here and do the BitDefender online virus scan.

* Click "I Agree" to agree to the EULA.
* Allow the ActiveX control to install when prompted.
* Leave the scanning options at default and press "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished.
* When the scan is finished, click on "Click here to export the scan results"
* Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
Bitdefender Scan Report
Hijackthis Log

JoeBlack999 · 08-21-2008, 09:55 AM

hijack log and bitdefender report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:48, on 21/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8809 bytes

For some reason the bitsdefender log saved as a zeor byte file.

However, I did not that it detected but did not remove packer.krunchy.a

**TheBruce1** · 08-21-2008, 12:30 PM

Hello again

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

You may need to remove a-squared Anti-Malware from Kaspersky trusted zone. Also Kaspersky Internet Security(2009)8 can be downloaded if you have a valid license. See Here .

Quote:

However, I did not that it detected but did not remove packer.krunchy.a

Do you happen to know the file name?

JoeBlack999 · 08-21-2008, 04:07 PM

Re-ran Hijack this - it could not remove the asquared anti-malware entry until I disabled it in the services menu.

Can I take it that a-squared Anti-Malware is not nice?

Re-ran bitdefender - this time no infections.

At this point, I should also say how much I value your hard work on my behalf.

**TheBruce1** · 08-21-2008, 04:40 PM

Hello again

Quote:

Re-ran Hijack this - it could not remove the asquared anti-malware entry until I disabled it in the services menu.

Good job.

Quote:

Can I take it that a-squared Anti-Malware is not nice?

Nothing wrong with A-Squared Anti-Malware(Emsisoft) it`s a legitimate application, that entry had no file associated with the service so you were left with an orphaned entry in the registry, it was more of a tidy up than anything else.

Can you post a Hijackthis Log.

JoeBlack999 · 08-23-2008, 01:56 AM

Hijack This log per request.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:16, on 23/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8759 bytes

**TheBruce1** · 08-23-2008, 12:17 PM

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok

=========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.

Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note:Only compatible with Firefox 1.5 and higher.

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

------------------------------------------------------------------

IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List.

Download and installation instructions for IE-Spyad™ Here

-----------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.

JoeBlack999 · 08-25-2008, 08:49 AM

Took some time to carry out the recent instructions. System seems stable now. Re-ran both BitDefender online virus scan and full Kaskpersky (installed) scan - no nasties lurking. Have removed BitComet - seems an open door to trouble. May need to do some house cleaning and some defragmenting. Otherwise it looks like the patient has made a recovery, many thanks.

07-29-2008, 07:30 AM	#1 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	(XP system) Applications constantly report - not responding P4 machine Gigabyte motherboard 1 GB ram Windows XP home SP2 Audigy soundcard Nvidia GForce 5600 graphics card. Got hit with Virtuamonde trojan. Ran a barrage of scans, with Trojan Hunter, Spybot Search and Destroy, Panda Anti-Virus, Adshampoo Firewall (yes, a mixed bag). Even ran Hitman Pro 2 overnight. Eventually got system to a usable state, although, not fast, and it ran reasonably well for about a week, then it really slowed up again Problem is, how to verify if my system is truley clean and to establish what damage to system files etc has to be addressed. Currently, IE6 and other running programs halt, task manager shows them to be not responding, but given time, they resume, another click on the program window starts this not responding cycle again. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\uTorrent\uTorrent.exe D:\Software\Anti_Virus\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {11298E6D-4A10-43E4-894D-F5D9210D451C} - (no file) O2 - BHO: (no name) - {155AEF9B-C290-475E-AE88-861AAEBD101A} - (no file) O2 - BHO: (no name) - {34037DC3-6EF5-4101-BF1E-7D5F2A848F7B} - (no file) O2 - BHO: (no name) - {3E59FF6A-0DC5-48B1-ACA7-F3BD82BF9BF2} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {727FBC49-8F5F-475E-8BE2-058DACC50629} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {D1C18077-2B4B-44DF-ACCB-56C04B5024C2} - (no file) O2 - BHO: (no name) - {D62A2513-0A8B-44F8-8479-3AFFAFC5FF82} - (no file) O2 - BHO: (no name) - {F73C97CD-769D-41B6-94FA-1A9966AB4284} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Watch.lnk = C:\Program Files\PCL-3000\Driver\WATCH.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O20 - Winlogon Notify: geBqRjHy - C:\WINDOWS\ O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 8290 bytes

08-19-2008, 06:35 AM	#2 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Bump!

08-19-2008, 07:26 AM	#3 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: (XP system) Applications constantly report - not responding Hello, If you still require assistance, please do this. Hijackthis Uninstall List * Start HijackThis * Click on the Config button * Click on the Misc Tools button * Click on the Open Uninstall Manager button. * You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply. ======== With Hijackthis still open click on the main menu then click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. Note: Please include the header information when posting the Hijackthis Log. ======== Logs Required Uninstall List Hijackthis Log __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating Last edited by TheBruce1; 08-19-2008 at 07:27 AM.

08-20-2008, 11:08 AM	#5 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: (XP system) Applications constantly report - not responding Hello again lease subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. ======== Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present. Please DO NOT Attach logs to your posts unless you are advised to do so, just copy/paste the logs into your replies. ========= You are running two firewalls, namely Kaspersky`s and Ashampoo FireWall PRO 1.14, please remove Ashampoo FireWall PRO 1.14 as having two firewalls will cause problems. ========== P2P P2P - I see you have P2P software BitComet 1.03 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. References for the risk of these programs are Here, Here and Here. ============ Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once the Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. =========== Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. =========== Logs Required C:\Combofix.txt Hijackthis Log __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

08-20-2008, 12:24 PM	#6 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Disabled Ashampoo firewall Run combofix log below. Your comments regarding BitComet will be taken on board. Using it may have got my system in trouble in the first place. However, I do need some form of similar program as I have an account with audible.co.uk and moviescormedia, large downloads, paid for and legal, and I like the resume download function that bitcomet offers. ComboFix 08-08-19.02 - Graham 2008-08-20 18:53:22.2 - NTFSx86 Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))) . 2008-08-20 17:12 . 2008-08-20 17:12 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\MSECACHE 2008-08-19 19:35 . 2008-08-19 19:35 <DIR> d-------- C:\Program Files\Vidalia Bundle 2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Vidalia 2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\tor 2008-08-18 20:20 . 2008-08-18 20:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet 2008-08-17 23:14 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-08-17 23:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-08-17 23:12 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys 2008-08-17 23:11 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-08-17 23:10 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-08-17 23:09 . 2008-04-14 01:12 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll 2008-08-17 23:08 . 2008-04-13 19:31 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-08-17 23:07 . 2008-04-14 01:12 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax 2008-08-17 23:07 . 2008-04-13 19:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys 2008-08-17 23:07 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys 2008-08-17 23:07 . 2008-04-13 19:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys 2008-08-17 23:07 . 2001-08-17 13:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys 2008-08-17 23:07 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys 2008-08-17 23:07 . 2008-04-13 19:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys 2008-08-17 23:07 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys 2008-08-17 23:07 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys 2008-08-17 23:07 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys 2008-08-17 23:07 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys 2008-08-17 23:05 . 2008-04-13 19:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-08-17 23:05 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll 2008-08-17 23:05 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll 2008-08-17 23:05 . 2008-04-14 01:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll 2008-08-17 23:04 . 2008-04-14 01:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll 2008-08-17 23:04 . 2008-04-14 01:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe 2008-08-17 23:04 . 2008-04-13 19:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys 2008-08-17 23:04 . 2008-04-14 01:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll 2008-08-17 23:04 . 2008-04-14 01:12 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax 2008-08-17 23:03 . 2008-04-13 19:40 28,288 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys 2008-08-17 23:03 . 2008-04-14 01:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-08-17 23:03 . 2008-04-13 19:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys 2008-08-17 23:03 . 2008-04-13 19:41 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys 2008-08-17 23:03 . 2008-04-13 19:41 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys 2008-08-17 23:02 . 2008-04-13 19:45 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys 2008-08-17 23:01 . 2008-04-13 19:39 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys 2008-08-17 23:01 . 2008-04-14 01:12 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax 2008-08-17 23:01 . 2008-04-13 19:40 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys 2008-08-17 23:00 . 2008-04-14 01:11 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll 2008-08-17 22:59 . 2008-04-14 01:11 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll 2008-08-17 22:59 . 2008-04-13 19:46 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys 2008-08-17 22:59 . 2008-04-13 19:36 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys 2008-08-17 22:59 . 2008-04-13 19:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys 2008-08-17 22:59 . 2008-04-13 19:40 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys 2008-08-17 22:58 . 2008-04-13 19:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys 2008-08-17 22:58 . 2008-04-14 01:12 18,432 --a--c--- C:\WINDOWS\system32\dllcache\bdaplgin.ax 2008-08-17 22:58 . 2008-04-13 19:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys 2008-08-17 22:58 . 2008-04-13 19:46 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys 2008-08-17 22:58 . 2008-04-13 19:46 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys 2008-08-17 22:56 . 2008-04-13 19:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys 2008-08-17 22:56 . 2008-04-13 19:40 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys 2008-08-17 22:55 . 2008-04-13 20:24 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-08-17 21:46 . 2008-08-17 21:56 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ImgBurn 2008-08-17 21:43 . 2008-08-17 22:53 <DIR> dr------- C:\I386 2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- C:\Program Files\ImgBurn 2008-08-17 21:11 . 2008-08-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALM 2008-08-17 19:40 . 2008-08-17 19:40 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286\Application Data\dBpoweramp 2008-08-17 18:09 . 2008-08-17 18:09 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286 2008-08-17 09:25 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin 2008-08-17 09:21 . 2008-08-17 12:30 331,805,736 --a------ C:\XPSP3.exe 2008-08-16 19:55 . 2008-08-16 19:55 <DIR> d-------- C:\Program Files\Warp Engine Software 2008-08-16 18:31 . 2008-08-16 18:31 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp 2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.bmp 2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp 2008-08-16 18:30 . 2008-08-16 18:30 2,873 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat 2008-08-16 18:30 . 2008-08-16 18:30 2,865 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat 2008-08-16 18:26 . 2008-08-16 18:26 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp 2008-08-16 18:26 . 2008-08-16 18:26 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat 2008-08-16 16:18 . 2008-08-16 16:18 <DIR> d-------- C:\Program Files\Cracklock 2008-08-14 20:51 . 2008-08-14 20:51 361,600 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-08-11 21:25 . 2008-08-11 21:29 106 --a------ C:\WINDOWS\MusicEditor.INI 2008-08-10 21:56 . 2008-08-11 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-08-10 21:48 . 2008-08-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS 2008-08-07 22:11 . 2008-08-17 18:22 <DIR> d-------- C:\Program Files\Save Flash 2008-08-06 19:31 . 2008-08-06 19:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink 2008-08-06 19:23 . 2008-08-06 19:25 <DIR> d-------- C:\Program Files\CyberLink 2008-08-05 18:37 . 2008-08-05 18:38 <DIR> d-------- C:\Program Files\Notepad++ 2008-08-05 18:37 . 2008-08-05 19:49 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Notepad++ 2008-08-05 18:06 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\CyberLink 2008-08-05 17:34 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink 2008-08-04 12:20 . 2008-08-04 12:20 <DIR> d-------- C:\Program Files\Bluetack 2008-08-03 18:30 . 2008-08-20 17:35 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ChapterMaster 2008-08-03 17:17 . 2008-08-03 17:17 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\MP3toiPodAudioBookConverter 2008-07-30 23:18 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-30 23:18 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-30 23:18 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-30 23:18 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-30 23:18 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-30 23:18 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-30 23:18 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-30 23:18 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-30 23:18 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-30 22:04 . 2003-03-31 13:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv 2008-07-30 22:03 . 2008-04-14 01:11 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll 2008-07-27 22:34 . 2008-08-20 18:52 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-20021102}.CDF 2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll 2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll 2008-07-27 18:43 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll 2008-07-27 18:42 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys 2008-07-27 18:42 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys 2008-07-27 18:42 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys 2008-07-27 18:41 . 2001-08-17 12:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys 2008-07-27 18:40 . 2001-08-17 22:36 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll 2008-07-27 18:40 . 2001-08-17 13:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys 2008-07-27 18:40 . 2001-08-17 13:52 16,000 --a--c--- C:\WINDOWS\system32\dllcache\ini910u.sys 2008-07-27 18:40 . 2001-08-17 13:47 13,056 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys 2008-07-27 18:36 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll 2008-07-27 18:35 . 2001-08-17 14:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys 2008-07-27 18:35 . 2001-08-17 14:05 141,056 --a--c--- C:\WINDOWS\system32\dllcache\icam3.sys 2008-07-27 18:35 . 2001-08-17 14:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys 2008-07-27 18:35 . 2001-08-17 22:36 91,136 --a--c--- C:\WINDOWS\system32\dllcache\icam4com.dll 2008-07-27 18:35 . 2001-08-17 22:36 61,952 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll 2008-07-27 18:35 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll 2008-07-27 18:35 . 2001-08-17 14:06 38,528 --a--c--- C:\WINDOWS\system32\dllcache\ibmvcap.sys 2008-07-27 18:35 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\icam3ext.dll 2008-07-27 18:35 . 2001-08-17 22:36 20,480 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll 2008-07-27 18:34 . 2004-08-03 22:29 161,020 --a--c--- C:\WINDOWS\system32\dllcache\i81xnt5.sys 2008-07-27 18:34 . 2001-08-17 12:12 109,085 --a--c--- C:\WINDOWS\system32\dllcache\ibmtrp.sys 2008-07-27 18:34 . 2001-08-17 12:12 100,936 --a--c--- C:\WINDOWS\system32\dllcache\ibmtok.sys 2008-07-27 18:34 . 2001-08-17 12:49 58,592 --a--c--- C:\WINDOWS\system32\dllcache\i740nt5.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-20 18:00 289,280 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-20 18:00 20,982,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-20 16:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TeraCopy 2008-08-20 16:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-20 15:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-08-20 13:26 --------- d-----w C:\Documents and Settings\Graham\Application Data\uTorrent 2008-08-19 17:55 --------- d-----w C:\Program Files\Perfect Uninstaller 2008-08-17 20:09 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-17 16:16 --------- d-----w C:\Program Files\MagicISO 2008-08-16 22:40 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-08-16 21:47 --------- d-----w C:\Program Files\SpywareBlaster 2008-08-16 17:51 --------- d-----w C:\Program Files\Spyware Doctor 2008-08-16 15:25 --------- d-----w C:\Program Files\Google 2008-08-16 15:23 --------- d-----w C:\Program Files\PeerGuardian2 2008-08-16 07:22 --------- d-----w C:\Documents and Settings\Vassie\Application Data\uTorrent 2008-08-13 20:42 243,064 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-08-10 18:55 --------- d-----w C:\Program Files\Microsoft Works 2008-08-10 18:54 --------- d-----w C:\Program Files\MSBuild 2008-08-09 17:42 --------- d-----w C:\Program Files\BitComet 2008-08-09 08:39 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 08:26 --------- d-----w C:\Program Files\iTunes 2008-08-09 08:25 --------- d-----w C:\Program Files\iPod 2008-08-07 21:22 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-08-07 21:22 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-08-06 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Vassie\Application Data\Desktopicon 2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Graham\Application Data\Desktopicon 2008-07-30 18:06 --------- d-----w C:\Program Files\ImTOO 2008-07-27 18:57 --------- d-----w C:\Program Files\PowerISO 2008-07-27 13:35 --------- d-----w C:\Program Files\Common Files\Panda Software 2008-07-27 11:50 --------- d-----w C:\Program Files\TrojanHunter 5.0 2008-07-27 08:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-07-26 18:28 --------- d-----w C:\Program Files\Common Files\MAGIX Shared 2008-07-26 17:15 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-07-26 17:15 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-07-26 17:06 --------- d-----w C:\Program Files\TeraCopy 2008-07-26 08:40 --------- d-----w C:\Documents and Settings\Graham\Application Data\Ahead 2008-07-26 08:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-07-25 22:38 --------- d-----w C:\Documents and Settings\Graham\Application Data\Creative 2008-07-25 18:59 --------- d-----w C:\Program Files\Creative 2008-07-25 18:26 --------- d-----w C:\Program Files\a-squared Anti-Malware 2008-07-21 22:11 --------- d-----w C:\Documents and Settings\Graham\Application Data\dBpoweramp 2008-07-19 09:25 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TrojanHunter 2008-07-18 19:00 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe 2008-07-18 19:00 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-07-17 21:23 --------- d-----w C:\Documents and Settings\Graham\Application Data\Alien Skin 2008-07-17 21:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems 2008-07-17 20:42 54,784 ----a-w C:\WINDOWS\system32\MSVCI70.dll 2008-07-16 22:52 --------- d-----w C:\Program Files\Mp3tag 2008-07-16 22:52 --------- d-----w C:\Documents and Settings\Graham\Application Data\Mp3tag 2008-07-16 20:32 --------- d-----w C:\Program Files\Ahead 2008-07-16 20:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Pro 2008-07-16 20:31 --------- d-----w C:\Program Files\USB Disk Security 2008-07-16 20:31 --------- d-----w C:\Program Files\SurfOffline 2008-07-16 20:31 --------- d-----w C:\Program Files\QuickTime 2008-07-16 20:31 --------- d-----w C:\Program Files\Panda Security 2008-07-16 20:31 --------- d-----w C:\Program Files\Kyodai Mahjongg 2006 2008-07-16 20:31 --------- d-----w C:\Program Files\JetAudio 2008-07-16 20:31 --------- d-----w C:\Program Files\FA128 2008-07-16 20:31 --------- d-----w C:\Program Files\DivX 2008-07-16 20:31 --------- d-----w C:\Program Files\DeliPlayer2 2008-07-16 20:31 --------- d-----w C:\Program Files\DAMN NFO Viewer 2008-07-16 20:31 --------- d-----w C:\Program Files\Common Files\Real 2008-07-15 20:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead 2008-07-15 20:08 --------- d-----w C:\Program Files\Java 2008-07-15 04:52 --------- d-----w C:\Program Files\Microsoft USB Flash Drive Manager 2008-07-15 04:52 --------- d-----w C:\Program Files\Hitman Pro 2008-07-13 21:31 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\Apple Computer 2008-07-13 20:29 --------- d-----w C:\Documents and Settings\Graham\Application Data\Thinstall 2008-07-13 20:19 --------- d-----w C:\Documents and Settings\Graham\Application Data\COWON 2008-07-13 09:49 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TuneUp Software 2008-07-12 23:15 --------- d-----w C:\Documents and Settings\Graham\Application Data\Lavasoft 2008-07-12 08:19 1,107,227 ----a-w C:\WRAR.EXE 2008-07-12 03:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\PC Tools 2008-07-12 03:04 164 ----a-w C:\install.dat 2008-07-11 23:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx 2008-07-11 17:35 --------- d-----w C:\Program Files\Ashampoo 2008-07-10 08:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-09 20:45 --------- d-----w C:\Program Files\GoldWave 2008-07-09 19:48 --------- d-----w C:\Documents and Settings\Graham\Application Data\Systweak 2008-07-09 19:34 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ 2008-07-09 19:32 --------- d-----w C:\Program Files\Canon 2008-07-08 21:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft 2008-07-08 21:21 --------- d-----w C:\Documents and Settings\Graham\Application Data\Apple Computer 2008-07-08 21:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2008-07-08 21:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple 2008-07-08 20:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier 2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AD ON Multimedia 2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AccurateRip 2008-07-07 21:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software 2008-07-07 21:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel 2008-07-07 21:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TrojanHunter 2008-07-07 21:04 --------- d-----w C:\Documents and Settings\Graham\Application Data\TuneUp Software 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-06 20:40 --------- d-----w C:\Program Files\Yahoo! 2008-07-06 13:29 --------- d-----w C:\Documents and Settings\Linda\Application Data\TrojanHunter 2008-07-06 12:03 --------- d-----w C:\Program Files\Servant Salamander 2.5 RC1 2008-07-06 08:51 --------- d-----w C:\Documents and Settings\Vassie\Application Data\TeraCopy 2008-07-04 17:51 --------- d-----w C:\Program Files\CCleaner 2008-07-04 17:41 --------- d-----w C:\Program Files\IrfanView . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 12:10 2120640] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416] "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 22:49 12889088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872] "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240] "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272] "CTDVDDET"="C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056] "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-06-27 16:50 91432] "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe] "CTHelper"="CTHELPER.EXE" [2008-05-05 13:33 19456 C:\WINDOWS\system32\CtHelper.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528] C:\Documents and Settings\Graham\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-08-24 15:16:34 110592] C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Audible Download Manager.lnk] backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Watch.lnk] backup=C:\WINDOWS\pss\Watch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Graham^Start Menu^Programs^Startup^MagicDisc.lnk] backup=C:\WINDOWS\pss\MagicDisc.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo FireWall PRO] --a------ 2006-12-21 02:10 3543552 C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s "CTHelper"=CTHELPER.EXE "CTxfiHlp"=CTXFIHLP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11328:TCP"= 11328:TCP:BitComet 11328 TCP "11328:UDP"= 11328:UDP:BitComet 11328 UDP R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50] R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22] R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23] R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 01:12] S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22] S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23] S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21] S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21] S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55] S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp [] S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 20:00] . Contents of the 'Scheduled Tasks' folder 2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31] 2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-08-17 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20] 2008-07-07 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20] . - - - - ORPHANS REMOVED - - - - Notify-geBqRjHy - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\mvjrthme.default\ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 19:04:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide] "ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\ASFWHide" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp] "ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Unlocker\UnlockerHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe . ************************************************************************ . Completion time: 2008-08-20 19:16:34 - machine was rebooted [Graham] ComboFix-quarantined-files.txt 2008-08-20 18:16:03 Pre-Run: 35,904,901,120 bytes free Post-Run: 35,980,451,840 bytes free 374 --- E O F --- 2008-08-18 16:33:36

08-20-2008, 02:01 PM	#7 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: (XP system) Applications constantly report - not responding You forgot to post a Hijackthis Log. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

08-20-2008, 02:48 PM	#8 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Hijack log per request: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:45:44, on 20/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\explorer.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Cracklock\Bin\CLMNGR.exe C:\Program Files\Cracklock\Bin\MCL.EXE C:\PROGRAM FILES\RIGHTWORD ENTERPRISES\CHAPTERMASTER\CHAPTERMASTER.EXE C:\Program Files\iTunes\iTunes.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 9567 bytes

08-21-2008, 09:55 AM	#10 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding hijack log and bitdefender report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:49:48, on 21/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\GEARSEC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8809 bytes For some reason the bitsdefender log saved as a zeor byte file. However, I did not that it detected but did not remove packer.krunchy.a

08-21-2008, 04:07 PM	#12 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Re-ran Hijack this - it could not remove the asquared anti-malware entry until I disabled it in the services menu. Can I take it that a-squared Anti-Malware is not nice? Re-ran bitdefender - this time no infections. At this point, I should also say how much I value your hard work on my behalf.

08-23-2008, 01:56 AM	#14 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Hijack This log per request. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:55:16, on 23/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\GEARSEC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216178441656 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8759 bytes

08-23-2008, 12:17 PM	#15 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: (XP system) Applications constantly report - not responding Well done, your logs are clean. Click start>run>type(or copy/paste command into run box): ComboFix /u Click ok ========= Clear IE7 cookies On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab. On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too]. Click OK, and then click OK again. Clear Firefox cookies/cache* • Select "Tools" • Select "Options". • Select "Privacy". • In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want. • Click OK. • In Private area click "Clear Now". ------------------------------------------------------------------------------------------- MICROSOFT UPDATES 1.Click Start,Run, type sysdm.cpl, and then press OK. 2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended). Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday". ------------------------------------------------------------------------------------------ Useful Information and Programs to keep you safe. TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages: * Content category * Phishing scam detection * Site reputation * Page reputation WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites. WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites. Note:Only compatible with Firefox 1.5 and higher. -------------------------------------------------------------------------------------- Alternate Browsers Try the following free alternate browsers rather than Internet Explorer Avant Firefox Opera K-Meleon ------------------------------------------------------------------------------------------ Free Antispyware Products SuperAntiSpyware Malwarebytes ' Anti-Malware ------------------------------------------------------------------ IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List. Download and installation instructions for IE-Spyad™ Here ----------------------------------------- The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file. If your having trouble downloading & extracting,see link below for guidance: http://www.mvps.org/winhelp2002/hosts2.htm Once you have extracted the host file,double click on it and a new window will open. Double-click on mvps.batand follow the prompts --------------------------------------------------------------- Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer. ---------------------------------------- SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users. Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. ============================================== Also, please take a look at these well written articles: PC Safety and Security--What Do I Need? HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Please reply to this thread once more, as we may mark this as resolved, thanks. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating**

08-25-2008, 08:49 AM	#16 (permalink)
JoeBlack999 Registered User Join Date: Jul 2008 Posts: 9 OS: xp home sp2	Re: (XP system) Applications constantly report - not responding Took some time to carry out the recent instructions. System seems stable now. Re-ran both BitDefender online virus scan and full Kaskpersky (installed) scan - no nasties lurking. Have removed BitComet - seems an open door to trouble. May need to do some house cleaning and some defragmenting. Otherwise it looks like the patient has made a recovery, many thanks.